1

I recently installed wireshark and before i could even start capturing anything it says "no interface can be used for capturing in this system with the current configuration"

as im new to wireshark, does anyone know how to change the current configuration and what to change them to? sorry for any duplication and for shortness in description but i cant proceed without this configuration being set right

James
  • 21
  • 1
  • 3
  • 8

1 Answers1

1

Update:
The default installation of Wireshark requires root privileges to run packet capturing. This is why I suggested below to run it as a privileged user. As @Warren Hill kindly pointed out this is not the recommended way to use Wireshark.

Please read How do I run WireShark, with root-privileges? and follow @Oli's answer on how to reconfigure Wireshark to be able to run as your own user.

To make the group membership changes effective (as stated in that answer) you'll need to log out or restart the system. If you do not want to do that right now for any reason, temporarily login might help. (You'll have to specify your password twice: once for sudo and once for login).

$ sudo login <your_user_name>
[sudo] password for <your_user_name>:
password:
$ DISPLAY=:0.0 wireshark

Answer left below for reference:

Try to run Wireshark with root privileges:

pkexec wireshark

According to the Wireshark Wiki:

Running Wireshark (or any other network capture/analyzer, for that matter) on Linux needs root privileges. Therefore, you have to have root privileges when starting Wireshark, else you can't capture data. Please note that you don't have to login as root when starting your computer, you can use su(1) or sudo(8) for that purpose.

Community
  • 1
lgarzo
  • 19,832
  • ok i ran the command and it says... (wireshark:3274): Gtk-WARNING **: cannot open display: is this normal or is there something wrong? – James Jul 08 '13 at 11:34
  • I've come around a workaround for this: pkexec bash -c "DISPLAY=:0.0 wireshark". Could you test if Wireshark can now be started? – lgarzo Jul 08 '13 at 12:22
  • This is not the recommended way. See duplicate question – Warren Hill Jul 08 '13 at 12:33
  • @WarrenHill thanks for the heads-up! I added your advice into the answer by explaining not to do as I suggested before. While the content still remains true, I understand one should reconfigure the package instead of hacking root to be able to run it. Thanks again! – lgarzo Jul 08 '13 at 13:34
  • ok im kind of confused here as ive just checked the answers now. Do i type in the above command? or is that a bad thing to try? – James Jul 08 '13 at 13:59
  • i followed the help in the duplicate question but it says the same thing with the addition of this comment underneath "(couldn't run usr/bin/dumpcap in child process: permission denied) – James Jul 08 '13 at 14:12
  • I haven't found your error message in the linked question, but tried the suggested methods. Have you reconfigured wireshark-common? Have you added yourself to the wireshark group? If your answer is yes to both of these questions you have (at least) 3 options: 1) Restart Ubuntu. 2) Log out and log back in. 3) Try my temporary solution: sudo login <your_user_name>. All of these aim that the newly assigned group takes effect. To test if you're member of the wireshark group type groups in the terminal. It should list wireshark. – lgarzo Jul 08 '13 at 14:28
  • i typed groups and it did not say wireshark, when following the advice in the duplicate question it asked for the administrative password and it kept saying the password i typed was wrong when i know it wasnt??? i think this may be the problem, im not sure. Im quite new to this so im not sure if i have configured wireshark-common or even added myself to the group as im not sure how to do that! i will try restart ubuntu now but i think the problem is the administrative password, im just not sure why it says i got it wrong when its the only password i use? – James Jul 08 '13 at 14:35
  • Please follow Oli's answer. Each sudo command requires the password for your user name (it should be the same as the one you log in with). After typing in the password each command would run with root privileges. The first one reconfigures wireshark, so that anyone will be able to run it as a regular user provided (s)he is the member of the wireshark group (no root required). The second one adds you to the wireshark group. This group addition only takes effect if you logout/login. Therefore the 3 methods, but a simple restart will do. – lgarzo Jul 08 '13 at 14:53
  • restarting ubuntu never resolved the what could be the issue? – James Jul 08 '13 at 14:53
  • I think your problem might be that you could not enter your password at the [sudo] prompt. You should be able to do that, please try again. – lgarzo Jul 08 '13 at 15:00
  • in oli's answer i have ran the first command twice and selected yes for the first and no for the second time i tried, then added user as me but it states there is already a group named wireshark – James Jul 08 '13 at 15:04
  • Run the reconfigure command again, and select „Yes”. It is important, that makes wireshark allow the users in the wireshark group to do the packet capture. Ignore the message about the already existing group. If you're finally able to be a member of the wireshark group, I think you'll be good to go. – lgarzo Jul 08 '13 at 15:30