I ran tshark on Ubuntu/Windows 10 as follows:

$ tshark -i 6
Capturing on 'usbmon1'
tshark: The capture session could not be initiated on interface 'usbmon1' (Can't open USB bus file /sys/kernel/debug/usb/usbmon/1t: Permission denied).
Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
0 packets captured

(I get the same message when I run Wireshark.)

I followed instructions on this web site, including "sudo dpkg-reconfigure wireshark-common", responding "yes", and signing off and on. Again I got the same error message.

Any idea how to fix this problem?

Update: Thank you for the advice that I got from the community. I was able to handle usbmon as suggested and I got to capture data for it. The way for me to run tshark without errors was by executing it through gksudo.

gksudo -- tshark -i 1 -l -a duration:30

The -- between gksudo and tshark is necessary for tshark to interpret the parameters. The only problem is that ^C does not stop the running program.

asked 01 Jun '17, 13:25 jh2222
edited 06 Jun '17, 06:30
One Answer:
On Linux, you need to load the Alternatively you can allow any user that executes the capture process to bypass file permissions (this is done by Arch Linux for example), but might be more risky.
answered 04 Jun '17, 08:55 Lekensteyn
edited 04 Jun '17, 08:56

Thank you. It works. So both usbmon1 and usbmon2 capture packets! (04 Jun '17, 18:09) jh2222

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information. (06 Jun '17, 04:34) grahamb ♦
What does
ls -l /usr/bin/dumpcap
print?

ls -l /usr/bin/dumpcap
-rwxr-xr-- 1 root wireshark 88272 Apr 8 2016 /usr/bin/dumpcap
You really should not be running tshark (or Wireshark) as root. If you think you have to do that, it simply means you haven't given sufficient capture privileges to your user on the required interfaces.
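
Added example, not part of the thread or written by any of its posters: a small shell function that reads one `ls -l` line, such as the dumpcap line quoted above, and reports which permission class (if any) lets a given user execute the file without root. The user name alice and her group lists are assumptions made up for the illustration; ACLs and file capabilities are not considered.

```shell
#!/bin/sh
# Added example (not from the thread): which permission class, if any, lets a
# user execute a file, judged from one `ls -l` line. Ignores ACLs, file
# capabilities and root's override; user and group names are hypothetical.

# exec_class LS_LINE USER "GROUP1 GROUP2 ..."  ->  owner | group | other | none
exec_class() {
    line=$1; user=$2; member_of=$3
    # `ls -l` fields: mode, link count, owner, group, then size/date/name.
    read -r mode links owner group rest <<EOF
$line
EOF
    # Exactly one class applies: owner first, then group, then other.
    # A user who matches an earlier class never falls through to a later one.
    if [ "$user" = "$owner" ]; then
        class=owner; col=4
    else
        case " $member_of " in
            *" $group "*) class=group; col=7 ;;
            *)            class=other; col=10 ;;
        esac
    fi
    # Columns 4, 7 and 10 of the mode string hold the execute bits.
    bit=$(printf '%s' "$mode" | cut -c"$col")
    case $bit in
        x|s|t) echo "$class" ;;   # s/t: setuid, setgid or sticky with execute
        *)     echo none ;;       # '-', or S/T (special bit without execute)
    esac
}

# The ls -l line quoted in the thread, checked for two constructed users.
DUMPCAP_LINE='-rwxr-xr-- 1 root wireshark 88272 Apr 8 2016 /usr/bin/dumpcap'
for g in "alice wireshark" "alice sudo"; do
    echo "groups [$g]: execute via $(exec_class "$DUMPCAP_LINE" alice "$g")"
done
```

A result of "none" means that user cannot start dumpcap at all without elevated privileges; group membership changes only take effect in a new login session.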