This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Dumpcap only sees bluetooth?

0

I have some troubles getting dumpcap to see all the available capturing interface. I added myself to the wireshark group, but dumpcap really only sees bluetooth interface and nothing else.

[email protected]:~$ dumpcap -D
1. bluetooth0
[email protected]:~$ dumpcap -L
Capturing on 'bluetooth0'
Data link types of interface bluetooth0 (use option -y to set):
  BLUETOOTH_HCI_H4_WITH_PHDR (Bluetooth HCI UART transport layer plus pseudo-header)
[email protected]:~$ ls -la /usr/bin/dumpcap 
-rwxr-x--- 1 root wireshark 77080 Mar 11  2014 /usr/bin/dumpcap
[email protected]:~$ groups antony
antony : antony adm cdrom sudo dip plugdev lpadmin sambashare chrome-remote-desktop wireshark

[email protected]:~$ sudo dumpcap -D
[sudo] password for antony:


    

  1. eth0
    2. 

  2. zt0
    3. 

  3. bluetooth0
    4. 

  4. nflog
    5. 

  5. nfqueue
    6. 

  6. vmnet1
    7. 

  7. vmnet8
    8. 

  8. any
    9. 

  9. lo (Loopback)

As you can see, if I sudo dumpcap, I can see all the interfaces. Thus, clearly, wireshark group has no access to interfaces like eth0 But really not sure how to fix it.

Running Ubuntu 14.04.1

Thanks

asked 31 Dec ‘14, 14:12

antony's gravatar image

antony
16113
accept rate: 0%

I have exactly the same problem.

[email protected] ~ $ dumpcap -D

  • bluetooth0
[email protected] ~ $ dumpcap -L
Capturing on 'bluetooth0'
Data link types of interface bluetooth0 (use option -y to set):
BLUETOOTH_HCI_H4_WITH_PHDR (Bluetooth HCI UART transport layer plus pseudo-header)
[email protected] ~ $ ls -la /usr/bin/dumpcap
-rwxr-xr-x 1 root wireshark 77080 Mar 11  2014 /usr/bin/dumpcap
[email protected] ~ $ groups allenb
allenb : allenb root sudo smbusers wireshark
[email protected] ~ $ sudo dumpcap -D
[sudo] password for allenb:
    • 

  • eth0
    • 

  • wlan0
    • 

  • bluetooth0
    • 

  • nflog
    • 

  • nfqueue
    • 

  • any
    • 

  • lo (Loopback)
[email protected] ~ $

    • I have restarted the computer several times without any success.

    Any suggestions?

    Thank you Allen

    (15 Nov ‘16, 10:43) Allen

    I suggest you read the answers to the question and try doing what they say.

    (15 Nov ‘16, 12:13) Guy Harris ♦♦

    3 Answers:

    1

    Have you done sudo dpkg-reconfigure wireshark-common? If not, do so, and then try it.

    answered 31 Dec '14, 16:01

    Guy%20Harris's gravatar image

    Guy Harris ♦♦
    17.4k335196
    accept rate: 19%

    I actually did issue sudo dpkg-reconfigure wireshark-common and rebooted, noticed that it wasn't working..so that's why I went through all that troubles in the original post. But I just did the same command again and rebooted... it works this time. I still can't explain why. I checked ~/.bash_history to confirm that I did indeed issue such command in the past too..

    (01 Jan '15, 16:18) antony

    0

    Have you logged off then on again? I believe group permissions are only updated on logon.

    answered 01 Jan '15, 14:14

    grahamb's gravatar image

    grahamb ♦
    19.8k330206
    accept rate: 22%

    @grahamb, please see my comment to Guy Harris. I am a little dumbfounded that dumpcap did not work at all, after I issued the sudo dpkg-reconfigure wireshark-common first time...and now many reboots later... and issued the same command once more.. viola. it works.

    (01 Jan '15, 16:20) antony

    0

    Finally fixed it. The mistake I made was not making the wireshark group a SYSTEM group. I back tracked and removed everything and started again and it's now working.

    For user guy's benefit, I had done exactly what you had said. There wasn't a bloody thing to indicate that the group wireshark had to be a system group.

    Anyway, all's well and thank you to those who helped.

    Allen

    answered 16 Nov '16, 09:23

    Allen's gravatar image

    Allen
    61
    accept rate: 0%