First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

The capture session could not be initiated on capture device "***" (You don't have permission to capture on that device).

  • retag add tags

Hello,
I got a tshark(Wireshark) 4.0.0rc1 source code, then built and ran it, but got the error below.

user2@dai-VirtualBox:~$ tshark
Capturing on 'enp0s3'
tshark: The capture session could not be initiated on capture device "enp0s3" (You don't have permission to capture on that device).
Please check to make sure you have sufficient permissions.

On Debian and Debian derivatives such as Ubuntu, if you have installed Wireshark from a package, try running

    sudo dpkg-reconfigure wireshark-common

selecting "<yes>" in response to the question

    Should non-superusers be able to capture packets?

adding yourself to the "wireshark" group by running

    sudo usermod -a -G wireshark {your username}

and then logging out and logging back in again.
tshark: 
0 packets captured
user2@dai-VirtualBox:~$ groups
user2 sudo wireshark
user2@dai-VirtualBox:~$

As shown in the results of the groups command, the tshark execution user (user2) is already added to the wireshark group.
I get the same error when trying to capture with Wireshark.

How can I resolve this?

My execution environment is as follows.

OS: Ubuntu 20.04.1 LTS (VirtualBox)
VirtualBox: 6.1.16 r140961 (Qt5.6.2)
tshark(Wireshark): 4.0.0rc1

I got the source code from here. https://2.na.dl.wireshark.org/src/all...


Thank you.

dai's avatar
1
dai
asked 2022-08-27 19:33:19 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Did you build a deb package that you installed, or are you trying to run it from a build directory?

Jaap's avatar Jaap (2022-08-27 20:14:35 +0000) edit
more
  • delete

Did you follow the instructions at https://wiki.wireshark.org/CaptureSet... ?

André's avatar André (2022-08-27 20:59:51 +0000) edit
more
  • delete

>Did you build a deb package that you installed,
I followed the steps below to build and install from the tar.xz file.
1.I downloaded and extracted the tar.gz file from here( https://2.na.dl.wireshark.org/src/all... ).
2.I ran this command in terminal(cd "extracted dir").
3.I ran this command in terminal( cmake . ).
4.I ran this command in terminal( make ).
5.I ran this command in terminal( sudo make install ).
6-1.I ran this command in terminal( sudo dpkg-reconfigure wireshark-common ).
6-2.I selected "Yes" in response to the question.
7.I ran this command in terminal( sudo usermod -a -G wireshark "username" ).
8.I ran this command in terminal( tshark ).
After that I got the error in the question I posted.

>or are you trying to run it from a build directory?
I ran the tshark command in various directories.
And I ... (more)

dai's avatar dai (2022-08-27 22:17:07 +0000) edit
more
  • delete

What do the commands:

which tshark

which dumpcap

getcap `which dumpcap`

print?

Guy Harris's avatar Guy Harris (2022-08-28 06:59:23 +0000) edit
more
  • delete

>Guy Hams

user2@dai-VirtualBox:~$ which tshark
/usr/local/bin/tshark
user2@dai-VirtualBox:~$ which dumpcap
/usr/local/bin/dumpcap
user2@dai-VirtualBox:~$ getcap `which dumpcap`
/usr/local/bin/dumpcap = cap_net_admin,cap_net_raw+eip
dai's avatar dai (2022-08-28 07:38:02 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

You've created a situation in which you've installed Wireshark deb packages from the distribution and build and installed Wireshark from source. Even though this is possible one has to be aware of what programs you run when using the various tools.

Depending on the composition of your PATH environment variable in your shell running tshark may either run the deb package installed one, or your own locally build and installed one.

Running sudo dpkg-reconfigure wireshark-common has only effect on the deb package installed Wireshark programs, not the locally build and installed dumpcap.

Setting the capabilities directly on the locally build and installed dumpcap does solve the underlying problem for the locally build and installed tshark.

Jaap's avatar
13.7k
Jaap
answered 2022-08-28 04:58:55 +0000
edit flag offensive 0 remove flag delete link
more

Comments

I understood.
Thank you.

dai's avatar dai (2022-08-28 05:13:51 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer