First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Wireshark, built from source - no interfaces found, but the version from the APT repo works

I have an issue with Wireshark 3.2.3 (compiled from source). It does not show any interfaces to capture packets from.

But this does not seem to be an issue with dumpcap permissions. My dumpcap already has the right permissions and is functional on older Wireshark versions (2.6.10). Proof:

$ dumpcap -D
1. enp0s25
2. any
3. lo (Loopback)
4. bluetooth0
....

Also see this screenshot: enter image description here

(Left is version 2.6.10 from apt repo, right is version 3.2.3 compiled from source)

I also tried the version from: https://launchpad.net/~wireshark-dev/... but that one does not seem to open (other errors with libs)

So I can not get v3.2.3 to work and give me a list of interfaces. I don't see other problems with v3.2.3. Does anyone know what the problem is or could be?

Even when I run wireshark as root I don't get any interfaces.

$ ./wireshark 
qt5ct: using qt5ct plugin
qt5ct: D-Bus global menu: no
$ (back to terminal if I close UI, no other messages)

System running Linux Mint 19.1 (Ubuntu 18.04)

ralpha's avatar
1
ralpha
asked 2020-04-16 01:12:26 +0000
Guy Harris's avatar
19.9k
Guy Harris
updated 2020-04-16 19:34:07 +0000
edit flag offensive 0 remove flag close merge delete

Comments

What is the output of dumpcap -D for the 3.2.3 (compiled from source).

Chuckc's avatar Chuckc (2020-04-16 01:42:52 +0000) edit
more
  • delete

I did not know dumpcap was part of wireshark itself, So I looked/search though the code and saw that libpcap-dev was required to compile the dumpcap binary. And it seem that if is now created, it was not in the build directory before. And is seem to give me the same output as above. Recompiling the rest of wireshark. Let see if this solves the problem. Why does it not use the dumpcap already in my /usr/bin folder?

ralpha's avatar ralpha (2020-04-16 02:58:44 +0000) edit
more
  • delete

Check Help->About Wireshark->Folders to see the path to programs.

More info on running multiple versions: https://www.wireshark.org/docs/wsdg_h...

Chuckc's avatar Chuckc (2020-04-16 03:20:24 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

The solution to this problem was that libpcap-dev is required to compile dumpcap.

As noted in the CMakeList.txt file: "Dumpcap was requested but libpcap dependency is not available. Wireshark will be built without packet capture capability."

This is (probably) part of the optional packages of wireshark. You can see a list of all optional packages that where NOT build at the end of the cmake command.

After installing libpcap-dev, I used sudo apt install libpcap-dev, make clean you build directory and recompile using cmake and make. Build info here: https://www.wireshark.org/docs/wsug_h...

Thanks to @bubbasnmp for helping me and making me look in the right direction. :)

ralpha's avatar
1
ralpha
answered 2020-04-16 03:46:37 +0000
edit flag offensive 0 remove flag delete link
more

Comments

IME, running sudo apt build-dep wireshark-qt (or package of your choice) will pull in all the required dependencies.

grahamb's avatar grahamb (2020-04-16 10:03:50 +0000) edit
more
  • delete

And there's tools/debian-setup.sh for you as well in the Wireshark source code

Jaap's avatar Jaap (2020-04-17 06:48:40 +0000) edit
more
  • delete

That info might be very useful to include in https://www.wireshark.org/docs/wsug_h... for other people

ralpha's avatar ralpha (2020-04-18 04:50:14 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer