This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I make a Wireshark built from source not require root on Linux?

0

Hi, I have installed the brand-new Wireshark 2.0.0. It's great! The "old workaround" for non-root users would not run. Wireshark starts without interfaces. What shall I do to run Wireshark 2.0 as a normal user?

Thank You for your support.

Bernhard Hauser

asked 30 Nov '15, 11:15

Uri
accept rate: 0%

edited 02 Dec '15, 13:05

Guy Harris ♦♦

What is your Linux distribution and what is the "old workaround" you are referring to?

(30 Nov '15, 17:33) Kurt Knochner ♦

Hi, I am using Ubuntu 14.04 LTS.

(01 Dec '15, 02:38) Uri

3 Answers:

0

I can successfully capture with the new wireshark V2 on Ubuntu 15.10.
I didn't have to change any of the settings but I think I once followed the advice in
wireshark-says-there-are-no-interfaces-on-which-a-capture-can-be-done-how-do-i-fix-this

On Ubuntu

sudo apt-get install wireshark libcap2-bin
sudo groupadd wireshark
sudo usermod -a -G wireshark $USER
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 755 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap (step 6 to make the interfaces visible)

Is that the workaround you referred to ?

Regards Matthias

answered 01 Dec '15, 10:44

mrEEde
accept rate: 20%

What I did with wireshark 1.12 was this (shown in several threads):

sudo groupadd wireshark
sudo usermod -a -G wireshark dionysius
sudo dpkg-reconfigure wireshark-common (and said there YES)

... and wireshark runs without root privileges.

The same procedure after compiling wireshark 2.0.0 on the same machine shows no interfaces when I run it as normal user. Running as root shows the interfaces.

(01 Dec '15, 13:48) Uri

Compiling you say? That's not what you did with 1.12 I presume? There you installed Debian packages.

If you try to run wireshark in your build directory, use the setcap command as listed on your newly built dumpcap.

(01 Dec '15, 13:53) Jaap ♦

I compiled the legacy wireshark on the same machines like wireshark v2 with the same OS...

(02 Dec '15, 01:22) Uri

Compiled and built Debian packages from that, which you then installed?

I'm asking because you state executing dpkg-reconfigure wireshark-common.

(02 Dec '15, 04:55) Jaap ♦

0

No, I have not built packages, I compiled directly to my system.

I now have removed the older version with sudo apt-get remove wireshark and changed the setcap-path to my current installation:

sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bin/dumpcap

This fixed the problem! Thanks for your support,

Uri!

answered 02 Dec '15, 11:33

Uri
accept rate: 0%

No, I have not built packages, I compiled directly to my system.

If by that you mean that you downloaded the Wireshark source tree, built it, and did "make install", then sudo dpkg-reconfigure wireshark-common will have no effect on what you installed - that command is for people who have installed Wireshark from a Debian-style package, not for people who are building Wireshark themselves from source.

(02 Dec '15, 13:11) Guy Harris ♦♦

I now have removed the older version with sudo apt-get remove wireshark

Which means that the older version was installed as a package, not directly built from source and installed from the source build.

(02 Dec '15, 13:12) Guy Harris ♦♦
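
The fix in this thread was pointing setcap at /usr/local/bin/dumpcap instead of /usr/bin/dumpcap. As an added example (not code from any poster or from the Wireshark project), this script lists every dumpcap on PATH and reports which copies carry the capture capabilities; it assumes Linux with GNU stat and libcap's getcap, and the function names are made up here.

```shell
#!/bin/sh
# Added example (not from the thread): audit every dumpcap copy on PATH.
# Assumes Linux with GNU stat and libcap's getcap; function names are made up here.

# list_on_path NAME [PATHSTRING]: print each executable NAME, in PATH order.
list_on_path() (
    IFS=:
    for dir in ${2:-$PATH}; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then echo "$dir/$1"; fi
    done
)

# has_capture_caps LINE: true if a getcap output line grants cap_net_raw and
# cap_net_admin as effective+permitted. Accepts the older "path = caps+eip"
# and the newer "path caps=eip" libcap formats (paths without spaces).
has_capture_caps() {
    caps=${1#* }; caps=${caps#= }
    case $caps in *cap_net_raw*) ;; *) return 1 ;; esac
    case $caps in *cap_net_admin*) ;; *) return 1 ;; esac
    case $caps in *[+=]*) ;; *) return 1 ;; esac
    flags=${caps##*[+=]}
    case $flags in *e*p*|*p*e*) return 0 ;; *) return 1 ;; esac
}

# others_can_execute MODE: true if an octal mode such as 755 has the
# execute bit set for "other".
others_can_execute() { [ $(( 0$1 & 1 )) -ne 0 ]; }

# audit_dumpcap [PATHSTRING]: report capabilities, group and mode per copy.
audit_dumpcap() {
    list_on_path dumpcap "${1:-$PATH}" | while read -r bin; do
        mode=$(stat -c %a "$bin"); group=$(stat -c %G "$bin")
        if has_capture_caps "$(getcap "$bin" 2>/dev/null)"; then
            echo "$bin: capture capabilities set (group $group, mode $mode)"
            if others_can_execute "$mode"; then
                echo "  note: mode $mode lets any local user capture, not only group $group"
            fi
        else
            echo "$bin: no capture capabilities; setcap must target this file"
        fi
    done
}

# Run the audit only when invoked with --run; otherwise just define functions.
if [ "${1:-}" = "--run" ]; then audit_dumpcap; fi
```

Run it as `sh audit_dumpcap.sh --run` (the file name is arbitrary). A copy left at mode 755 is flagged because file capabilities apply to whoever can execute the file, so the wireshark group only limits capture access when "other" has no execute bit.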

0

If you're building directly from source, try running the configure script with the --enable-setcap-install option if you're building with autotools or setting the DUMPCAP_INSTALL_OPTION build option to capabilities if you're building with CMake.

answered 02 Dec '15, 13:09

Guy Harris ♦♦
accept rate: 19%