Wireshark

From ArchWiki
Revision as of 21:58, 31 January 2010 by Jazzfan (Talk | contribs) (Capturing as normal user)


This article is a stub.


Possible problems and how to solve them

Wireshark does not work properly and prints messages like the following, even when run as root:

capset(): Operation not permitted

This is due to libcap: Wireshark now needs the capability kernel module to be loaded.


Include it in your MODULES array in rc.conf so that it is loaded automatically on the next boot:

MODULES=(... capability)

And load it now with modprobe:

modprobe capability


Capturing as normal user

Running Wireshark as root is not a good thing, and can be dangerous for your system. To be able to capture as a normal user, do the following (as root):

  • Create the wireshark group
groupadd wireshark
  • Add yourself to the wireshark group
gpasswd -a "your_username" wireshark
  • Change the permissions of /usr/bin/dumpcap (you will have to repeat this after every update of Wireshark)
chgrp wireshark /usr/bin/dumpcap
chmod 754 /usr/bin/dumpcap
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
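
Because the dumpcap permissions have to be reapplied after every update, a check like the following shows which of the steps above is missing. This is an added example, not part of the original wiki page; the function names, the DUMPCAP and GROUP variables, and the script name check-dumpcap.sh are assumptions of the example, and it relies on GNU stat and on getcap from libcap.

```shell
#!/bin/sh
# Added example, not from the wiki page: checks the dumpcap setup from the steps above.
# Function names and the DUMPCAP/GROUP variables are assumptions of this example.
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}
GROUP=${GROUP:-wireshark}

# Succeeds if file $1 belongs to group $2 (the chgrp step).
check_group() { [ "$(stat -c %G "$1")" = "$2" ]; }

# Succeeds if file $1 has exactly mode 754 (the chmod step).
check_mode() { [ "$(stat -c %a "$1")" = "754" ]; }

# Succeeds if getcap lists both capabilities on file $1 (the setcap step).
check_caps() {
    caps=$(getcap "$1" 2>/dev/null) || return 1
    caps=${caps#"$1"}                      # drop the leading path from getcap's output
    case $caps in *cap_net_raw*) ;; *) return 1 ;; esac
    case $caps in *cap_net_admin*) ;; *) return 1 ;; esac
}

# Succeeds if user $1 is a member of group $2 (the gpasswd step).
check_member() { id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"; }

# Runs every check for user $1, reports each failed step, returns 1 if any failed.
verify_dumpcap() {
    rc=0
    check_member "$1" "$GROUP"      || { echo "$1 is not in group $GROUP"; rc=1; }
    check_group "$DUMPCAP" "$GROUP" || { echo "$DUMPCAP: group is not $GROUP"; rc=1; }
    check_mode "$DUMPCAP"           || { echo "$DUMPCAP: mode is not 754"; rc=1; }
    check_caps "$DUMPCAP"           || { echo "$DUMPCAP: capabilities missing"; rc=1; }
    return $rc
}

# Run as: sh check-dumpcap.sh --check your_username
if [ "${1:-}" = "--check" ]; then
    verify_dumpcap "${2:-$(id -un)}"
fi
```

A new group membership only applies to sessions started after the gpasswd step, so log in again before testing a capture.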

Sources