Saturday 26 March 2011

Wireshark No Interfaces, sudo permissions how to fix!



When I open Wireshark in Ubuntu, there are no interfaces.  That is because Wireshark needs to be run with sudo permissions to access the interfaces.  Running Wireshark itself with sudo is not a good idea: there are 30K lines of code running with full admin permissions, and Wireshark will warn you about it as well.

Below is the preferred way.

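sudo su
# create the capture group and add your user to it (stretch is the username here)
groupadd wireshark
usermod -a -G wireshark stretch
newgrp wireshark
# let only the file owner and the wireshark group run dumpcap
chgrp wireshark /usr/bin/dumpcap
chmod 750 /usr/bin/dumpcap
# give dumpcap only the two capabilities it needs to capture packets
setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap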

If setcap does not exist then:
sudo apt-get install libcap2-bin

Check to see if it was successful:
getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip

Log out and log back in!
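
To confirm the whole setup in one pass, the script below checks each step of the procedure: file mode and group, the capability set, and whether the current login session has picked up the new group. It is an added example, not part of the original post; the WS_GROUP variable and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit the dumpcap setup from the steps above.
# DUMPCAP and WS_GROUP (names chosen here) default to this page's values.
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}
WS_GROUP=${WS_GROUP:-wireshark}

# check_mode MODE OWNER_GROUP: expect mode 750 and the capture group.
check_mode() {
    [ "$1" = "750" ] || { echo "FAIL: mode is $1, expected 750"; return 1; }
    [ "$2" = "$WS_GROUP" ] || { echo "FAIL: group is $2, expected $WS_GROUP"; return 1; }
    echo "OK: mode $1, group $2"
}

# check_caps GETCAP_LINE: expect exactly cap_net_admin and cap_net_raw,
# effective and permitted. Accepts both getcap output styles:
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (newer libcap)
check_caps() {
    caps=$(printf '%s\n' "$1" | sed -e 's/^[^ ]* *//' -e 's/^= *//')
    flags=${caps##*[+=]}    # text after the last + or =, e.g. "eip"
    names=${caps%[+=]*}     # capability list before it
    sorted=$(printf '%s\n' "$names" | tr ',' '\n' | sort | tr '\n' ',')
    [ "$sorted" = "cap_net_admin,cap_net_raw," ] ||
        { echo "FAIL: capabilities are '$names'"; return 1; }
    case "$flags" in
        e*p) echo "OK: $names ($flags)" ;;
        *) echo "FAIL: flags '$flags' lack effective+permitted"; return 1 ;;
    esac
}

# check_member GROUP_LIST: space-separated groups of the current session.
check_member() {
    case " $1 " in
        *" $WS_GROUP "*) echo "OK: session is in $WS_GROUP" ;;
        *) echo "FAIL: session not in $WS_GROUP (log out and back in)"; return 1 ;;
    esac
}

audit_dumpcap() {
    rc=0
    # stat output is split on purpose into the two check_mode arguments
    check_mode $(stat -c '%a %G' "$DUMPCAP") || rc=1
    check_caps "$(getcap "$DUMPCAP")" || rc=1
    check_member "$(id -nG)" || rc=1   # no user argument: current session
    return $rc
}

# Run against the live system only when dumpcap is installed.
if [ -e "$DUMPCAP" ]; then audit_dumpcap || echo "setup differs from the steps above"; fi
```

Because `id -nG` without a user name reports the groups of the running session, the last check fails until you have logged out and back in.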
