Wireshark No Interfaces, sudo permissions how to fix!

When I open Wireshark in Ubuntu, there are no interfaces.  That is because Wireshark needs to be run with sudo permissions to access the interfaces.  It is not a good idea to run Wireshark from sudo as there are 30K lines of code running with full admin permissions and it will warn you about it as well.

Below is the preferred way.

sudo su
groupadd wireshark
usermod -a -G wireshark stretch
newgrp wireshark
chgrp wireshark /usr/bin/dumpcap
chmod 750 /usr/bin/dumpcap
setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

If setcap does not exist then:
sudo apt-get install libcap2-bin

check to see if sucessful
getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip

logout and log back in!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s