Wireshark-users: [Wireshark-users] Cannot capture traffic on any interfaces after building Wiresh

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Bryce Thomas <bryce.m.thomas@xxxxxxxxx>
Date: Sun, 24 Sep 2017 11:23:36 -0700
There are numerous questions and answers online about how to successfully
capture packets in Wireshark without root permissions.  Notwithstanding, I have
been unable to find an answer that addresses my particular scenario.

I am building Wireshark from source, on an Ubuntu 17.04 machine.  Specifically,
I am building from Git source control, branch `master-2.4`, commit SHA
`bebcaf1379557fa19d8321634c59e8ee6c3c59e8`.  The reason I am buildng from
version controlled source is that I would ultimately like to work on a plugin,
which will ideally be contributed back to the Wireshark project.

I have gotten as far as successfully building and running Wireshark.  I can see
a complete list of capture interfaces (wlan0, any, lo, eth0, etc.).  However,
when I attempt to capture on any of these interfaces, I get the following error
in a dialog box:

> The capture session could not be initiated on interface 'lo' (You don't have
> permission to capture on that device).
> Please check to make sure you have > sufficient permissions, and that you have
> the proper interface or pipe specified.

I am building wireshark as follows:

```
./autogen.sh
./configure --enable-setcap-install --with-dumpcap-group=wireshark
make
```

Regarding groups & permissions, I already have a `wireshark` group, and my user
belongs to the group:

```
groups | grep wireshark # it's there
groups $USER | grep wireshark # it's there
```

I am configuring the built version of dumpcap as follows:

```
sudo chmod 750 .libs/dumpcap
sudo chgrp wireshark .libs/dumpcap
sudo setcap cap_net_raw,cap_net_admin+eip .libs/dumpcap
```

I am running Wireshark like so:

```
WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 ./wireshark
```

At this point, I cannot figure out what else I have missed.  FWIW, I'm assuming
`.libs/dumpcap` is the right dumpcap to set permissions on, as it seems to be
the one running when I run wireshark:

```
$ ps -aux | grep dumpcap
my_username    23614  0.0  0.0  30368  1580 pts/0    S+   11:06   0:00 /home/my_username/src/wireshark/.libs/dumpcap -S -Z none
```

Any pointers on where I have gone wrong?