This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

hey,

We have a wireshark in our library's computer. i was trying to use it for the first time. when i go to interface and then caputer it gives me this messeage

There are no interfaces on which a capture can be done.

So How do i define the interface??

asked 26 Jan '11, 13:03

bivek's gravatar image

bivek
51114
accept rate: 0%

edited 26 Jan '11, 18:29

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196


You don't have to define it, you need to make sure that Wireshark has sufficient rights to use a network card to capture data.

Maybe this will help: http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

permanent link

answered 26 Jan '11, 13:22

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Thanks i guess i wont be able to do it here since its a public computer.

(26 Jan '11, 13:30) bivek

just run the wireshark from the directory in which it is installed using privileges. Use sudo wireshark or sudo ./wireshark. That should work.

permanent link

answered 31 Jan '11, 04:20

sid's gravatar image

sid
45192021
accept rate: 0%

Yup, sudo wireshark or sudo ./wireshark --------->>> These will do the trick, in fact most times these days I find I have to "sudo" everything, Even mundane tasks like "ifconfig" or "iwconfig"! It never used to be like that until I upgraded everything in my BT5 R3 distro... I presume the upgrade / update process has "beefed up" my security levels on my account(s) meaning I have to now be more precise as to what my permissions are when executing any command - maybe not such a bad thing?

(19 Oct '13, 03:14) jezzman

Please don't run Wireshark as root. It has a lot of code that has potential vulnerabilities. You need to enable capture privileges as per the link in the answer from @Jasper above.

(19 Oct '13, 12:39) grahamb ♦

On Ubuntu

  1. sudo apt-get install wireshark libcap2-bin
  2. sudo groupadd wireshark
  3. sudo usermod -a -G wireshark $USER
  4. sudo chgrp wireshark /usr/bin/dumpcap
  5. sudo chmod 755 /usr/bin/dumpcap
  6. sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap (step 6 to make the interfaces visible)

On Fedora

To make the interfaces visible using Gnome:

  1. in terminal: sudo system-config-users. (if command not found: first install system-config-users)
  2. select tab Users, scroll down to your username.
  3. dubble click on your username.
  4. select Groups in User Properties.
  5. scroll down to wireshark and put a mark next to it, ok.
  6. reboot.
permanent link

answered 08 Aug '15, 02:30

bvb's gravatar image

bvb
612
accept rate: 0%

edited 18 Aug '15, 08:39

2

Why is your Ubuntu method better than that listed in the Wiki Capture Privileges page (as noted in @Jasper's answer) which refers to the Debian docs?

(18 Aug '15, 11:07) grahamb ♦

This works well. Thanks

(13 Jun '16, 13:28) Daniel Moghimi
-1

As above -- assuming your user account has access to ./usr/local/bin/ -- you can just cd into there and then in a terminal execute 'sudo wireshark' it will ask for your user password then everything will be hunky-dory (but it will still warn you about running as root!).

the Mad thing is, I used to have wireshark running on my root user account (which was the only account I had lol) and it worked fine for ages and ages ... it gave me the usual "wireshark should not be run as root" etc etc. warning but I never really worried too much, thinking that I couldn't possibly damage anything really badly, right? Anyway to cut a long story short, wireshark started hanging up on me when I started it up and told it to capture on ANY interface - it would just freeze. I tried uninstalling, reinstalling, synaptic, downloading the source and re-compiling, going back to older versions, the whole shebang and EVERY time it ran, it would freeze! The ONLY way around this was for me to learn about User Accounts control in my Backtrack 5 R3 (ubuntu 32-bit) and add a user account which wasn't root. This took a little while to get going, but once I'd ironed out any conflicts most things seem to work just fine in there ... I use this account specifically for testing proxies and browsing using but I should really be using this account as Default and using root ONLY to do housekeeping and major things installs etc,

wireshark comes in handy when initalising and debugging networks so I don't know why using it as root is discouraged, They should make programs as "root-proof" or "damage-proof" as as possible!

Anyhow, I installed wireshark (again) using synaptic on my root account, logged out and logged in to my browsing account - I couldn't install or compile it at all on my new user account - once again I gotta tweak the settings to let it do this, I'm not sure but if I have to logout and login to root everytime I need to install or compile something I'm gonna get annoyed - my Fast Account Switching doesn't work... :(

Lo-and-behold! wireshark is perfect now, not only that but I'm pretty sure I can upgrade it by compiling the 1.8.8 version from source (in root of course)... Like I say, it's all about having a user account which isn't root. making sure it has sufficient privileges to look at and run everything your root account can, and then issuing the commands as super-user (sudo). You will still get that warning "Dangerous to run wireshark as root" though! Strange.. all this happened when I did the processes apt-get upgrade - apt-get update - apt-get update install - apt-get dist-upgrade to get everything updated in my BT5R3. Very strange but I'm slowly getting better with my linux stuff. I don't have the foggiest idea why wireshark decided to hate my root account though... I think its a bug or conflict with one of the new libraries it depends on.

Wireshark 1.8.8 on my windows 7 incidentally always works fine and probably always will... Does anyone know what other packages might be affected or needed to run as a non-root account user? I know tor is one - vidalia will only work outside root as well..

There are ways to get things done in root user account but at command-line level- ie, instead of wireshark, use tshark CLI (dumps pcap data from a terminal), or torify things in terminal + prefs (without vidalia GUI - which is complex and can give false reports of tor working OK). I tried doing things like this for a while but found it cumbersome and time-consuming.. also at CLI level it becomes progressively harder to issue complex commands in combination, and soon you reach a level where processes designed for GUI environment just become impossible.

I so things as non-root by default now - BT5 and any linux distro ought to have a few default user accounts and test profiles set-up to prevent these kind of problems, and boot into them by default, only going to root when the user needs/requests it. Thanks,

permanent link

answered 10 Jun '13, 11:57

jezzman's gravatar image

jezzman
0
accept rate: 0%

1

Yeah, I ran it as root (on Ubunutu), and it didn't like it. It pointed me to a readme located at "/usr/share/doc/wireshark-common/README.Debian" where I read this: "It is advised to capture packets with the bundled dumpcap program as root and then run Wireshark/Tshark as an ordinary user to analyze the captured logs". So, I can run "sudo dumpcap -i myinterface" from the terminal to capture the packets, and then open the resulting file in wireshark as non-root. Not sure if that's what they really meant, but it works.

(18 Oct '13, 18:59) jonS90

At least it works, my friend - that's the main thing! The really strange thing is how wireshark just used to work 100% fine on my root level (lol I was a noob and didn't care at all about ubuntu's account levels / permissions etc.) and then just like that it suddenly stopped working on me. I've only just recently started living by the "never root" rule - and even then only because I'm online so much and I don't want to risk a hacker trying to get into my system and gain root access. Potentially, it could cost me a lot! The guy below sums it up for me... PEACE Bro! :)

----->> It [always running as root] defeats the security model that's been in place for years. Applications are meant to be run with non-administrative security (or as mere mortals) so you have to elevate their privileges to modify the underlying system. For example you wouldn't want that recent crash of Rhythmbox to wipe out your entire /usr directory due to a bug. Or that vulnerability that was just posted in ProFTPD to allow an attacker to gain a ROOT shell.

Its just good practice on any operating system to run your applications on a user level and leave administrative tasks to the root user, and only on a per-need basis.

(19 Oct '13, 03:07) jezzman

You should be able to use wireshark to capture packets without any hassles though - I used to all the time - Do you issue the command (in root, say) as "sudo wireshark" or even as "sudo ./wireshark" ? Reason I ask is that "sudo" might do the trick, I'm not too sure. These days, in my non-root account, sudo wireshark works fine and it captures everything, all the interfaces work with no freezes or problems. It gets upset when I try to save the .pcap in the places where I used to save them though! hahaha noob nightmares!

(19 Oct '13, 03:23) jezzman

Yes, it could capture packets with "sudo wireshark" but it gave me the warning message at launch, which scared me (for good reason considering things you've mentioned). But yes, at least this works. Although....I just discovered this: http://ask.wireshark.org/questions/7523/ubuntu-machine-no-interfaces-listed , which may offer a better solution.

(19 Oct '13, 05:43) jonS90

As I've noted above please don't run Wireshark as root. In most case there is no need, you only need to ensure that the capture privileges are set.

(19 Oct '13, 12:41) grahamb ♦
-1

using linux (based on deb ex ubuntu,luna...) : at terminal tape --> sudo wireshark entre your password and it's fixed

permanent link

answered 25 May '14, 08:12

Abderrahim%20Soubai%20Elidrissi's gravatar image

Abderrahim S...
0
accept rate: 0%

As I've noted above please don't run Wireshark as root. In most case there is no need, you only need to ensure that the capture privileges are set.

(18 Aug '15, 11:02) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620

question asked: 26 Jan '11, 13:03

question was seen: 496,205 times

last updated: 13 Jun '16, 13:28

p​o​w​e​r​e​d by O​S​Q​A