This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Ubuntu machine - no interfaces listed

16
7

I've tried the procedures listed in the CaptureSetup/CapturePrivileges, and the Debian specific file, but still see no interfaces. I saw an earlier post referring to bpf* file permissions, but this appears to only be relevant to Mac OS X users. I'm running Ubuntu 10.04 LTS. Any ideas?

asked 20 Nov '11, 18:13

mrcpuhead's gravatar image

mrcpuhead
246335
accept rate: 0%

Hope i'm not stating the obvious here...? Wireshark will only see interfaces that are actually active, are they? use 'ifconfig' on the prompt to see use 'ifconfig eth0 up' to activate then check wireshark again

(21 Nov '11, 02:55) Marc

Yes, the eth0 interface is quite active!

(21 Nov '11, 04:11) mrcpuhead
-1

I had the same problem. I couldn't figure out the specific files/devices that needed permissions in Ubuntu, so I resorted to:

$ sudo wireshark

I didn't mind running as root since I was in a VM.

(21 Nov '11, 04:59) bstn

Sorry, had to ask :-) 2nd obvious thing then would be to see if it would run under sudo..

(21 Nov '11, 05:00) Marc
1

While this might work (and is fine inside a VM), it should generally be avoided. The http://wiki.wireshark.org/CaptureSetup/CapturePrivileges article lays out what needs to be done, and file:///usr/share/doc/wireshark-common/README.Debian is the relevant document in this case.

(21 Nov '11, 05:57) multipleinte...

Haven't tried sudo yet - I'm willing to be it'll work - just didn't want to run wireshark that way if I didn't have to.

(21 Nov '11, 09:24) mrcpuhead

As I mentioned in my orig post, I went to the aforementioned pages, and did what they said, with no luck. The problem is that the README.Debian page doesn't really give the needed steps, it only states in general what you need to do. I'm comfortable enough with Linux to run through most any procedure. This one simply didn't work. I even tried the "Other linux based..." steps: I verified wireshark group membership, group ownership of the dumpcap file, and the setcap command. No joy!

(21 Nov '11, 09:41) mrcpuhead
  1. Did you install Wireshark via a package (apt-get install wireshark or similar) or from source?
  2. What are the user and group ownership and file permissions of /usr/bin/dumpcap (as provided by ls -l /usr/bin/dumpcap)?
  3. Did the setcap command result in any error output?
  4. What command do you execute to launch wireshark (if you use a launcher, what command does it execute)? If it is just wireshark, what is the output of file $(which wireshark)?

Edit: Also, have you verified group membership in wireshark, and logged out and back in at least once?

(21 Nov '11, 11:15) multipleinte...
-1

For all you non Linux people like me. I just copied the icon to the desktop, then right clicked and opened as root. This opened the contain folder and I launched it (double Clicked) from there. Wireshark then prompted me it was running as root. I may become a Linux user yet.

(27 Mar '13, 08:11) dskaiser

As per the comment by @helloworld above running Wireshark as root is not a good idea. Wireshark contains millions of lines of code and the potential for exploitation is considerable.

Was there something deficient in the instructions in the accepted answer by @helloworld?

(27 Mar '13, 09:17) grahamb ♦
showing 5 of 10 show 5 more comments

3 Answers:

28

EDIT: The instructions from README.Debian actually do work (except it's missing the step that tells you to log out and then back in). The dpkg-reconfigure command creates the wireshark group (so you don't need to), but then you need to add your user to the group, and re-login.

These commands work for me with Wireshark 1.6.2 on Ubuntu Server 11.10 (64-bit):

$ sudo apt-get install wireshark
$ sudo dpkg-reconfigure wireshark-common 
$ sudo usermod -a -G wireshark $USER
$ sudo reboot

Instead of rebooting, you can logout with this command:

  • Ubuntu Desktop:

    $ gnome-session-quit --logout --no-prompt

  • Ubuntu Server:

    $ pkill -KILL -u $USER

or simply (if you're already at the login shell):

$ exit

If the solution above still fails on your system, an alternative is to set the setuid bit for dumpcap (which lets dumpcap run effectively as the owner of the file, which is root in this case):

$ sudo chmod 4711 `which dumpcap`

(FYI: There's an open ticket for this "security vulnerability", but no one seems to have done anything about it since it was reported JAN-2010.)****

answered 21 Nov '11, 15:20

helloworld's gravatar image

helloworld
3.1k42041
accept rate: 28%

edited 16 Dec '11, 07:47

2

helloworld - that last command (sudo chmod 4711 'which dumpcap') did the trick - Thanks!

(22 Nov '11, 19:19) mrcpuhead

It really work for me too!!! great boss!!!

(27 Apr '12, 23:39) kuldip
1

If you don't want to kill your GNOME session process, you can run Wireshark from the command line using newgrp to get the new group privileges:

newgrp wireshark
(wireshark &)
^D

The parenthesis and ampersand will run the process in the background, detached from the shell process, so you can log out from the terminal without losing the Wireshark.

(31 Jul '12, 19:41) D_Bezborodov

possibly, sudo chmod 4711 'sudo which dumpcap'. which dumpcap returned nothing when executed as myself.

(20 May '14, 10:51) xtofl

only did , sudo chmod 4711 'which dumpcap' , and interfaces appeared.

(06 Jan '15, 06:47) oori

TONY; Thank you sir!! WORKED Perfectly... "sudo chmod 4711 which dumpcap" & Of Course returned "nothing" (AHEM!) as permissions were only being changed, hence no dialog should gbe expected after command entered. Thank you again "helloworld" {Tony}!
... (Linux Mint; via "official" .deb ~ April 19th 2016) THANK You sir!

(09 May '16, 19:08) krstep2
showing 5 of 6 show 1 more comments

7

Complete solution found at http://cmc.site11.com/?p=2165

sudo addgroup -system wireshark
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo usermod -a -G wireshark YOUR_USER_NAME

Then just start Wireshark and select the network interface. It worked for me on 10.04 LTS.

answered 04 Apr '12, 11:41

kyphos's gravatar image

kyphos
10622
accept rate: 0%

bravo!!! these commands works fine in my ubuntu 12.04 lts thnk..

(13 Jan '13, 11:13) dipesh

Yes It's Working

(31 Jan '13, 02:45) Rajitha

Did this as it seemed quicker than the other methods - seems to be working :)

(15 Mar '14, 09:40) alexgmcm

on mu ubuntu 13.10 and wireshark Version 1.10.2 (SVN Rev 51934 from /trunk-1.10) works perfect!!!!

(22 May '14, 10:05) nicksat

Worked perfectly for me on Xubuntu 14.04. Well done and thank you.

(12 Jun '14, 19:35) funklebits

Its work for me, Using Ubuntu 14.04. Thank you buddy. @kyphos

(30 Jul '14, 09:31) gamer_h2so4

Thanks, perfect, Raspberry Pi, RPi

(24 Feb '15, 03:59) Diez66

Yep, worked for me too!

(10 Apr '15, 15:14) herogee

CAN I GET SOME HELP? What do i do with the sudo? where would i add them?

(13 Oct '16, 12:54) JKeaney

You don't add them anywhere. You run these commands just once, in the order given. sudo allows you to execute commands as superuser although you're not logged in as such.

What you actually do is:

sudo addgroup -system wireshark - you add a new group of users called wireshark

sudo chown root:wireshark /usr/bin/dumpcap - you make user root and group wireshark the owners of /usr/bin/dumpcap which is the binary which actually does the capture. With this setting, any member of the group wireshark can start the binary

sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap - allow the binary to access the interfaces and capture on them

sudo usermod -a -G wireshark YOUR_USER_NAME - you make Mr. YOUR_USER_NAME also a member of the group wireshark (also because he remains a member of his original group), so if that user runs Wireshark, that instance of Wireshark can start dumpcap.

(13 Oct '16, 13:26) sindy
showing 5 of 10 show 5 more comments

0
sudo groupadd wireshark
sudo usermod -a -G wireshark $USER
sudo chgrp wirshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

answered 10 Feb '14, 04:16

adamali's gravatar image

adamali
253
accept rate: 0%

edited 24 Feb '15, 04:05

grahamb's gravatar image

grahamb ♦
19.8k330206

Thanks Graham, it works now!!!!

(01 Jul '15, 00:43) paysan