This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark and Fedora

0

Dear Sir, I have downloaded and installed Wireshark on my netbook running Fedora 15, using the command: "yum install wireshark-gnome". It installed with no errors. However, when I run the program, it freezes, and I get the following message: "couldnt run /usr/sbin/dumpcap in child process: permission denied. Are you member of 'wireshark' group? Try running 'usermod -a -G wireshark username as root". I'm not a member of Wireshark, and I didn't need it to run in Windows 7. Could you explain what it means? I'm a newcomer to Linux. Thanks in advance! Stilson (from Brazil)

asked 11 Aug '11, 19:32

stilson


3 Answers:

2

See the Fedora15 Release Notes

Quote:

2.3.3. Wireshark permissions changes

Wireshark in Fedora 15 uses Linux capabilities instead of console helper. As result, the Wireshark users are no longer required to enter the root password. To grant a user permission to capture network traffic using Wireshark or tshark, the system administrator should add the user to wireshark group. The Wireshark or tshark application then runs as ordinary user, only the capturing backend runs with permission to sniff on the network.

So: It sounds like you need to do the "usermod ..." command as suggested.

answered 11 Aug '11, 19:51

Bill Meier ♦♦

edited 11 Aug '11, 19:53

Thank you very much!

(11 Aug '11, 20:24) stilson

(I've converted your Answer to a comment as per the convention for ask.wireshark.org. See the FAQ)

(11 Aug '11, 20:45) Bill Meier ♦♦

This did not work in my case. My user is in the wireshark group after running as root:

usermod -a -G wireshark _your_username

/etc/group shows

wireshark:x:482:_my_user_name

What gives?

(23 Oct '12, 10:57) UdaMan

@UdaMan, did you try logging off and on again?

(23 Oct '12, 14:35) grahamb ♦

0

I had the same problem and I just changed the owner of /usr/sbin/dumpcap with "sudo chown [yourusername] /usr/sbin/dumpcap" and that helped.

answered 24 Oct '12, 01:59

JacKal

As long as there are no other users on the system hoping to use dumpcap that would work, but it's not the recommended solution.

(24 Oct '12, 02:38) grahamb ♦

ahh.. now I understand!

(24 Oct '12, 03:54) JacKal

0

I had the same problem as UdaMan. I added myself to the wireshark:x:490: group in /etc/. Even after logging out and in I receive the same error as documented by the original poster. When I ran the command: ls -l /usr/sbin/dumpcap I received the following output:

-rwxr-x---. 1 root 489 65216 May 23 2012 /usr/sbin/dumpcap

Seeing the GID for the dumpcap command was 489, I changed the GID for the wireshark group in /etc/group from 490 to 489 (note: 489 was not used by any other group). This fixed the problem.

So there appears to be a bug in the wireshark install package.

answered 17 Jan '14, 15:10

ted_jane
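The three causes raised in this thread (the user is not in the wireshark group, the login session predates the group change, or the GID on /usr/sbin/dumpcap differs from the wireshark group's GID) can be told apart with a short check. This is an added example, not part of the original posts; the function names, result strings and the sample user names "ted" and "alice" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify why dumpcap returns "permission denied" for a user.

# group_field GROUPFILE NAME FIELDNO -> print one field of the named group entry
group_field() {
    awk -F: -v n="$2" -v f="$3" '$1 == n { print $f; exit }' "$1"
}

# diagnose USER DUMPCAP_GID SESSION_GIDS GROUPFILE
#   DUMPCAP_GID  : numeric group owner of dumpcap (stat -c %g)
#   SESSION_GIDS : space-separated GIDs of the current login session (id -G)
# Only supplementary membership listed in GROUPFILE is considered.
diagnose() {
    user=$1 bin_gid=$2 session_gids=$3 groupfile=$4
    ws_gid=$(group_field "$groupfile" wireshark 3)
    members=$(group_field "$groupfile" wireshark 4)
    if [ -z "$ws_gid" ]; then echo "no-wireshark-group"; return; fi
    case ",$members," in
        *",$user,"*) ;;                        # listed as a member
        *) echo "not-a-member"; return ;;      # fix: usermod -a -G wireshark USER
    esac
    if [ "$ws_gid" != "$bin_gid" ]; then
        echo "gid-mismatch"; return            # binary's group is not 'wireshark'
    fi
    case " $session_gids " in
        *" $ws_gid "*) echo "ok" ;;
        *) echo "relogin-needed" ;;            # group added after this login
    esac
}

# Constructed sample group file (GID 490 as quoted in the last answer).
sample_group_file() {
    f=$(mktemp)
    printf '%s\n' 'root:x:0:' 'wireshark:x:490:ted' > "$f"
    echo "$f"
}

# Live check on this machine; skipped when dumpcap is not installed.
if [ -e /usr/sbin/dumpcap ]; then
    diagnose "$(id -un)" "$(stat -c %g /usr/sbin/dumpcap)" "$(id -G)" /etc/group
fi
```

A "gid-mismatch" result corresponds to the `ls -l` output in the last answer, where dumpcap's group showed as the bare number 489 while the wireshark group was 490.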