7

I just switched to Ubuntu from openSuse where I used wireshark with no problem. Now I receive the error that "You don't have permission to capture on that device" referring to my 802.11 wifi. I have root privileges but not running as root. I installed Wireshark from the Ubuntu software Center. Solution please.

Thomas Ward
  • 74,764
John
  • 71

1 Answers1

14

Try these steps. These steps will set network privileges for the dumpcap executable, if your kernel and the file system supports file capabilities. (source)

  1. Check if the setcap command exists in /sbin/. The command whereis setcap will tell you if it exists.
  2. If the setcap command exists, run this command: sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap (If this errors, use /usr/sbin/dumpcap instead of the path listed here already)
  3. Add your user to the wireshark group - sudo usermod -a -G wireshark $USER
  4. Log all the way out, then login again.
  5. Start Wireshark as a non-root user and see if you can do a live capture.

If that does not work, you may have to use the set-UID method if your kernel doesn't support the above commands:

  1. sudo chown root /usr/bin/dumpcap (If this errors, use /usr/sbin/dumpcap instead of the specified path.)
  2. sudo chmod u+s /usr/bin/dumpcap (If this errors, use /usr/sbin/dumpcap instead of the specified path.)
Thomas Ward
  • 74,764
  • Or, given that Ubuntu is a Debian derivative, just use dpkg-reconfigure wireshark-common (you may have to do it as root, for example using sudo), as suggested by a page linked to from the source for this. –  Dec 04 '14 at 20:39
  • @GuyHarris True, however, this may also not 100% of the time solve it, there have been notable issues with that not working at times (and the assumption is those commands failed, hence me giving the greater description here of the manual steps to achieve those results). This also assumes there's not ADDITIONAL restrictions on the network adapters themselves, which could be another issue. – Thomas Ward Dec 05 '14 at 01:48
  • I had to run sudo setcap ... for the command to work. Otherwise, wireshark can now be loaded as a normal user for me. – Yanick Rochon Dec 31 '14 at 10:49
  • @YanickRochon Yep, my bad, i forgot to include sudo (the Wireshark documentation assumes you were running the commands under the root user) – Thomas Ward Dec 31 '14 at 14:11