This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark without root - Can’t restart anymore

0

I run a remote server that requires wireshark for debugging purposes and I wanted to have a php script start/stop wireshark at a user's request. Using "wireshark" as a normal user did not open it as I had to have root privilege and every time I ran it using "sudo wireshark", I got a Lua error about permissions so I was looking for a solution that allowed me to run wireshark without root and came across a blog: https://blog.wireshark.org/2010/02/running-wireshark-as-you/

 $ sudo -s
 # groupadd wireshark
 # usermod -a -G wireshark admin
 # chmod 750 /usr/bin/dumpcap
 # setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

I reset the server after entering the code above and while that did get wireshark to open how I wanted, now I am having issues when restarting the server. I have tried all possible ways to restart the system and each one ends with the server just shutting off instead of rebooting. This is the only system change that happened during this boot cycle so I am assuming this code screwed something up. Is there any way to reverse the code listed above?

Thank you

asked 16 Jul '15, 12:44

dirtyrobinson

edited 17 Jul '15, 10:58


One Answer:

0

> I run a headless remote server that requires wireshark for debugging purposes and I wanted to have a php script start/stop wireshark at a user's request.

Wait a moment: Are you trying to start the GUI version of Wireshark on a system without display through a php script on a web server? If so, that's not going to work very well, no matter what your admin privileges are.

If what I assume is correct, you should use dumpcap and/or tshark instead of Wireshark.

If I got it wrong, please add more details to your problem description and what you want to achieve.

Regards
Kurt

answered 17 Jul '15, 10:54

Kurt Knochner ♦

edited 17 Jul '15, 11:01

Sorry, I typed headless initially and changed it to remote. I didn't realize it wasn't deleted, so I would be starting the GUI version. The server holds files for a mobile application that communicates with databases. I hop on and run wireshark when something requires debugging. Since I'm not always in a position to start it, I just wanted to have the user push a button to start wireshark themselves so I can come back and look at the logs.

Regardless, I couldn't find any information on what is causing this issue so I just uninstalled everything related to wireshark. After uninstalling, the server was back to normal so I entered the same command. Once again when I tell my server to reboot, it shuts off and doesn't power back up until I manually turn it on.

I replicated the issue a few times and have decided to just abandon the project altogether. I am so perplexed as to why it's caused the issue so I will instead set it up manually like I have been.

The server is running Debian Wheezy Linux 3.8.13.30. I think I'm gonna post this issue to some Linux forums. Thanks Kurt.

(17 Jul '15, 11:20) dirtyrobinson

So, your real problem is that your Linux server does not reboot any longer? If so, I don't think this community will be able to help you. That problem is certainly not related to the Wireshark installation or the commands you ran.

(17 Jul '15, 11:45) Kurt Knochner ♦

Yeah, I thought at first it was because of wireshark but after replicating it and looking at similar reboot issues I agree that it's a Linux issue. Thanks again!

(17 Jul '15, 13:21) dirtyrobinson
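
The commands in the question give dumpcap file capabilities and rely on its mode and group to limit who may run it. The check below is an added example, not part of the original thread, that flags states where that limit does not hold. The function name, finding labels and sample values are constructed for illustration; the expected group `wireshark` is taken from the question.

```shell
#!/bin/sh
# Added example: audit the privilege setup of a capture helper such as dumpcap.
# On a real host the inputs would come from (not run here):
#   mode=$(stat -c %a /usr/bin/dumpcap); group=$(stat -c %G /usr/bin/dumpcap)
#   caps=$(getcap /usr/bin/dumpcap | sed 's/^[^ ]* *=* *//')
# Usage: assess_dumpcap MODE GROUP CAPS [EXPECTED_GROUP]
# Prints one finding per line; prints nothing when the setup is restricted.
assess_dumpcap() {
    mode=$(printf '%04o' "0$1")      # normalise to 4 octal digits, 750 -> 0750
    group=$2 caps=$3 want=${4:-wireshark}
    special=${mode%???}              # first digit: setuid/setgid/sticky bits
    other=${mode#???}                # last digit: permissions for "others"
    privileged=no

    if [ $((special & 4)) -ne 0 ]; then
        privileged=yes
        echo "SETUID: binary runs with its owner's full privileges"
    fi
    if [ -n "$caps" ]; then
        privileged=yes
        # Drop the flag suffix (+eip or =eip), then check each capability name
        # against the two capabilities set in the question.
        for cap in $(printf '%s' "${caps%%[+=]*}" | tr ',' ' '); do
            case $cap in
                cap_net_raw|cap_net_admin) ;;
                *) echo "EXTRA_CAP: $cap goes beyond the two capture capabilities" ;;
            esac
        done
    fi
    if [ "$privileged" = yes ]; then
        if [ $((other & 1)) -ne 0 ]; then
            echo "WORLD_EXEC: every local user can start a privileged capture"
        elif [ "$group" != "$want" ]; then
            echo "GROUP: execution is limited to owner and group '$group', not '$want'"
        fi
    fi
}

# Constructed samples (mode, file group, capability text), not taken from a real host.
assess_dumpcap 750 wireshark 'cap_net_admin,cap_net_raw+eip'
assess_dumpcap 750 root 'cap_net_raw,cap_net_admin=eip'
assess_dumpcap 4755 root ''
```

`setcap -r /usr/bin/dumpcap` removes the file capabilities again.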