Limiting capture permission to only one groupĪfter having set dumpcap's network privileges:Ĭreate user "wireshark" in group "wireshark".Įnsure Wireshark works only from root and from a user in the "wireshark" group ( I DID THIS STEP ONLY IN THE END - NOT OVER YET)Īnd finally, two more steps: sudo dpkg-reconfigure wireshark-common (NOTE: Replace /usr/bin with /usr/sbin in this command and the next command in case you receive an error that indicates that dumpcap isn't in /usr/sbin) In this case, you will need to make dumpcap set-UID to root.
Setting network privileges for dumpcap if your kernel and file system don't support file capabilities Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture.(NOTE: Replace /usr/bin with /usr/sbin in case you receive an error that indicates that dumpcap isn't in /usr/bin) Sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap Setting network privileges for dumpcap if your kernel and file system support file capabilitiesĮnsure that you have installed the necessary tools, such as the setcap command. I followed those instructions (with adaptations): They RECOMMEND restrict dumpcap execution to a specific group or user. I followed the instructions from wireshark page about about capture privileges: It can be a temporary solution, but not desired as permanent solution. That will allow packet capture for ALL USERS on the system. The above command really works, but I would like to add a security WARNING. The proposed solution is: sudo chmod +x /usr/bin/dumpcap Which is marked as duplicate and brought me here. I'm not able to use wireshark "couldn't run /usr/bin/dumpcap in child process" Googled “couldn't run /usr/bin/dumpcap in child process” and found this question:
0 kommentar(er)
