Dear Sir, I have downloaded and installed Wireshark on my netbook running Fedora 15, using the command: "yum install wireshark-gnome". It has intalled with no errors. Though, when I run the program, it freezes, and I get the following message "couldnt run /usr/sbin/dumpcap in child process: permission denied. Are you member of 'wireshark' group? Try running 'usermod -a -G wireshark username as root". I'm not member of Wireshark, and I didn't need it to run in Windows 7. Could you explain what does it mean? I'm a newcommer in Linux. Thanks in advance! Stilson (from Brazil, e-mail: [email protected]) asked 11 Aug '11, 19:32  stilson |
3 Answers:
See the Fedora15 Release Notes Quote: 2.3.3. Wireshark permissions changes Wireshark in Fedora 15 uses Linux capabilities instead of console helper. As result, the Wireshark users are no longer required to enter the root password. To grant a user permission to capture network traffic using Wireshark or tshark, the system administrator should add the user to wireshark group. The Wireshark or tshark application then runs as ordinary user, only the capturing backend runs with permission to sniff on the network. So: It sounds like you need to do the "usermod ..." command as suggested. answered 11 Aug '11, 19:51  Bill Meier ♦♦ edited 11 Aug '11, 19:53 |
I had the same problem and I just changed the owner of /usr/sbin/dumpcap with "sudo chown [yourusername] /usr/sbin/dumpcap" and that helped. answered 24 Oct '12, 01:59  JacKal As long as there are no other users on the system hoping to use dumpcap that would work, but it's not the recommended solution. (24 Oct '12, 02:38) grahamb ♦ ahh.. now I understand! (24 Oct '12, 03:54) JacKal |
I had the same problem as UdaMan. I added myself to the wireshark:x:490: group in /etc/. Even after logging out and in I receive the same error as documented by the original poster. When I ran the command: ls -l /usr/sbin/dumpcap I received the following output: -rwxr-x---. 1 root 489 65216 May 23 2012 /usr/sbin/dumpcap Seeing the GID for the dumpcap command was 489, I changed the GID for the wireshark group in /etc/group from 490 to 489 (note: 489 was not used by any other group). This fixed the problem. So there appears to be a bug in the wireshark install package. answered 17 Jan '14, 15:10  ted_jane |
Thank you very much!
(I've converted your Answer to a comment as per the convention for ask.wireshark.org. See the FAQ)
This did not work in my case. My user is in the wireshark group after running as root:
usermod -a -G wireshark _your_username
/etc/group shows
wireshark:x:482:_my_user_name
What gives?
@UdaMan, did you try logging off and on again?