Difference between revisions of "Wireshark"

From ArchWiki
(Capturing as normal user)
Line 32: Line 32:
* Bug [http://bugs.archlinux.org/task/9201 #9101]
* Bug [http://bugs.archlinux.org/task/9201 #9101]
* [http://wiki.wireshark.org/CaptureSetup/CapturePrivileges]
* [http://wiki.wireshark.org/CaptureSetup/CapturePrivileges Capture Privileges]
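Review bot: In the unchanged bug entry directly above the relabelled link, the link text reads #9101 while the URL points to task/9201. While this list is being touched, confirm which task is meant and make the label and the URL agree.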

Revision as of 21:59, 31 January 2010

Possible problems and how to solve

Wireshark does not work properly and prints messages like the following, even when run as root:

capset(): Operation not permitted

This is due to libcap: Wireshark now needs the capability kernel module to be loaded.

Include it in your MODULES array in rc.conf so that it is loaded automatically at the next boot:

MODULES=(... capability)

And load it now with modprobe:

modprobe capability

Capturing as normal user

Running Wireshark as root is not a good idea and can be dangerous for your system. To be able to capture as a normal user, do the following (as root):

  • Create the wireshark group
groupadd wireshark
  • Add yourself to the wireshark group
gpasswd -a "your_username" wireshark
  • Change the permissions of /usr/bin/dumpcap (you'll have to repeat this after every update of Wireshark)
chgrp wireshark /usr/bin/dumpcap
chmod 754 /usr/bin/dumpcap
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
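
Because the group, mode and file capabilities have to be set again after an update, a short audit script can confirm that all three are still in place. This is an added example, not part of the wiki page; the function names are hypothetical, and it assumes GNU stat and getcap from libcap are installed.

```shell
#!/bin/sh
# Added example: audit the dumpcap setup from the steps above.
# Usage: sh check_dumpcap.sh /usr/bin/dumpcap wireshark

# Mode must be exactly 754: owner rwx, group r-x, others may not execute,
# so only members of the capture group can run the capability-bearing binary.
mode_ok() { [ "$(stat -c '%a' "$1")" = "754" ]; }

# Group owner must be the capture group.
group_ok() { [ "$(stat -c '%G' "$1")" = "$2" ]; }

# Check one line of getcap output. Older libcap prints
# "PATH = cap_net_admin,cap_net_raw+eip", newer prints
# "PATH cap_net_admin,cap_net_raw=eip"; both forms are accepted.
# Only the grouped form produced by the setcap call above is handled.
caps_text_ok() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *[+=]eip) ;; *) return 1 ;; esac
}

# Run all three checks, print one line per failure, return 0 only if all pass.
check_dumpcap() {
    path=$1 group=$2 rc=0
    mode_ok "$path" || {
        echo "FAIL mode: $(stat -c '%a' "$path"), expected 754"; rc=1; }
    group_ok "$path" "$group" || {
        echo "FAIL group: $(stat -c '%G' "$path"), expected $group"; rc=1; }
    caps_text_ok "$(getcap "$path" 2>/dev/null)" || {
        echo "FAIL caps: CAP_NET_RAW and CAP_NET_ADMIN with +eip not found"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $path"
    return "$rc"
}

# Only run when a path and a group are given on the command line.
if [ "$#" -eq 2 ]; then
    check_dumpcap "$1" "$2"
fi
```

A failing check after an update means the chgrp, chmod and setcap commands above need to be run again.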