```
$ whoami
foobar
$ /usr/local/bin/tshark -i eth0
capture session could not be initiated (You don't have permission to capture on that device)
```
To solve this:
Become the root user.
```
# whoami
root
```
Set file capabilities on dumpcap.
```
# addgroup wireshark
Adding group `wireshark' (GID 1001) ...
Done.
# chgrp wireshark /usr/local/bin/dumpcap
# chmod 754 /usr/local/bin/dumpcap
# setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/local/bin/dumpcap
# getcap /usr/local/bin/dumpcap
/usr/local/bin/dumpcap = cap_net_admin,cap_net_raw+eip
```
Please note that the command paths may differ from my environment.
In my case, I built Wireshark from source and installed the binaries under the /usr/local/bin directory.
Add the user to the wireshark group.
```
# egrep foobar /etc/group
foobar:x:1000:
# usermod -G foobar,wireshark foobar
# egrep foobar /etc/group
foobar:x:1000:foobar
wireshark:x:1001:foobar
$ whoami
foobar
$ /usr/local/bin/tshark -i eth0
Capturing on eth0
```
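A check of the finished setup, added here as an example and not part of the original post: it verifies that dumpcap carries only the two capabilities, that the file mode keeps users outside the group from executing it, and that the user is in the group. The function names are hypothetical, the path, group and user are the ones used above, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). The helpers take plain strings,
# so they can be checked without root; audit_dumpcap applies them to a real file.

# caps_exact GETCAP_LINE: succeed only if the file carries exactly
# cap_net_admin and cap_net_raw. Accepts both getcap output styles:
#   older libcap: "/path = cap_net_admin,cap_net_raw+eip"
#   newer libcap: "/path cap_net_admin,cap_net_raw=eip"
caps_exact() {
    clause=${1##* }                        # last field: names, then +flags or =flags
    names=$(printf '%s\n' "${clause%%[+=]*}" | tr ',' '\n' | sort | tr '\n' ',')
    [ "$names" = "cap_net_admin,cap_net_raw," ]
}

# mode_restricted OCTAL_MODE: succeed if "other" can neither execute nor write
# the binary and the group cannot write it (754 and 750 pass, 755 fails).
mode_restricted() {
    [ $(( 0$1 & 0023 )) -eq 0 ]
}

# group_has_user GROUP_LINE USER: succeed if USER is in the member field of an
# /etc/group style line such as "wireshark:x:1001:foobar".
group_has_user() {
    case ",${1##*:}," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit_dumpcap PATH GROUP USER: run every check and report each failure.
audit_dumpcap() {
    rc=0
    mode=$(stat -c '%a' "$1"); grp=$(stat -c '%G' "$1")
    caps_exact "$(getcap "$1")"  || { echo "FAIL: unexpected capabilities on $1"; rc=1; }
    mode_restricted "$mode"      || { echo "FAIL: mode $mode is too permissive"; rc=1; }
    [ "$grp" = "$2" ]            || { echo "FAIL: group is $grp, expected $2"; rc=1; }
    group_has_user "$(getent group "$2")" "$3" || { echo "FAIL: $3 is not in $2"; rc=1; }
    return $rc
}

# Example: sh audit.sh /usr/local/bin/dumpcap wireshark foobar
if [ "$#" -eq 3 ]; then
    audit_dumpcap "$1" "$2" "$3"
fi
```

The group check reads the group database, which can pass while a session opened before the `usermod` call still lacks the new group, so test tshark from a fresh login for foobar.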
Hope this helps