Bug 28852

Summary: Wireshark /usr/bin/dumpcap cannot be run.
Product: Mageia
Reporter: Ezequiel Partida <ezequiel_partida>
Component: RPM Packages
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID
QA Contact:
Severity: normal
Priority: Normal
CC: davidwhodgins, lewyssmith, ouaurelien
Version: 8
Keywords: NEEDINFO
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM:
CVE:
Status comment:

Description Ezequiel Partida 2021-04-28 20:03:24 CEST
Description of problem:

Wireshark /usr/bin/dumpcap cannot be run.

Version-Release number of selected component (if applicable):

wireshark - Network traffic analyzer 3.4.3

How reproducible:

Steps to Reproduce:
1.  Install Wireshark 3.4.3
2.  Run wireshark
3.  A message will appear saying that /usr/bin/dumpcap could not run.

I fixed this by using chmod a+xrw /usr/bin/dumpcap

Probably this could be fixed on the next package release. ;-)

Regards
Comment 1 Lewis Smith 2021-04-28 20:27:42 CEST
I wonder whether this is because 'dumpcap' is supposed to be run either as root, or by users in the wireshark group - to which they have to be specifically added:
>>>
1. Using dumpcap without allowing non-root users to capture packets

   Only root user will be able to capture packets. It is advised to capture
   packets with the bundled dumpcap program as root and then run 
   Wireshark/Tshark as an ordinary user to analyze the captured logs. [1]

   This is the default.

2. Using dumpcap and allowing non-root users to capture packets

   Members of the wireshark group will be able to capture packets on network 
   interfaces. This is the preferred way of installation if Wireshark/Tshark
   will be used for capturing and displaying packets at the same time, since
   that way only the dumpcap process has to be run with elevated privileges 
   thanks to the privilege separation [2].

   Note that no user will be added to group wireshark automatically, the 
   system administrator has to add them manually.

   [1] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
   [2] http://wiki.wireshark.org/Development/PrivilegeSeparation
<<<

I just installed wireshark (+ dumpcap) :
 $ ls -l /usr/bin/dumpcap 
 -rwsr-x--- 1 root wireshark 121904 Ebr   2 21:38 /usr/bin/dumpcap*
which looks correct.

Please say whether your problem comes from not heeding the rules - or in spite of doing so.

CC: (none) => lewyssmith
Ever confirmed: 1 => 0
Status: NEW => UNCONFIRMED

Comment 2 Dave Hodgins 2021-04-28 23:44:40 CEST
Also, once you've added your id to the wireshark group, don't forget to logout
and back in, for the change to take effect.

CC: (none) => davidwhodgins
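
The checks from Comment 1 and Comment 2 as a script, added here as an example and not part of the bug thread or the Mageia package: it compares dumpcap against the `-rwsr-x--- root wireshark` listing above and separates "not in the wireshark group" from "added to the group but not yet logged out and back in". The function names, the `DUMPCAP` override and the GNU `stat -c` format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit dumpcap against the listing in Comment 1
# (-rwsr-x--- root wireshark, i.e. mode 4750) and check group state.
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}
GROUP=wireshark

# classify_mode MODE OWNER GROUP -> ok | world-accessible | drifted
classify_mode() {
    if [ "$1" = 4750 ] && [ "$2" = root ] && [ "$3" = "$GROUP" ]; then
        echo ok; return 0
    fi
    case $1 in
        *[1-7]) echo world-accessible ;;  # any "other" bit set, e.g. 4777 after chmod a+xrw
        *)      echo drifted ;;           # wrong owner/group or setuid bit lost
    esac
}

# in_list NAME "space separated names"
in_list() {
    for g in $2; do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

# classify_membership CONFIGURED SESSION -> active | relogin-needed | not-member
#   CONFIGURED: groups in the account database (id -nG USER)
#   SESSION:    groups of the running login session (id -nG)
classify_membership() {
    if in_list "$GROUP" "$2"; then echo active
    elif in_list "$GROUP" "$1"; then echo relogin-needed
    else echo not-member
    fi
}

audit() {
    user=$(id -un) || return 2
    # Assumes GNU stat: %a = octal mode, %U = owner, %G = group
    info=$(stat -c '%a %U %G' "$DUMPCAP") || return 2
    set -- $info
    echo "file:  $(classify_mode "$1" "$2" "$3") ($1 $2:$3)"
    echo "group: $(classify_membership "$(id -nG "$user")" "$(id -nG)")"
}

# Query the live system only when dumpcap is installed.
if [ -e "$DUMPCAP" ]; then audit || echo "audit failed" >&2; fi
```

A `relogin-needed` result is the situation Comment 2 describes; a `world-accessible` result means the file no longer matches the packaged permissions shown in Comment 1.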

Comment 3 Aurelien Oudelet 2021-04-30 15:47:49 CEST
@reporter, can you try what is described in Comment 1?

CC: (none) => ouaurelien

Comment 4 Aurelien Oudelet 2021-05-08 15:27:08 CEST
Reporter, could you please reply to the previous question? If you don't reply within two weeks from now, I will have to close this bug as OLD. Thank you.

Keywords: (none) => NEEDINFO

Aurelien Oudelet 2021-05-16 02:20:28 CEST

Depends on: (none) => 28915

David Walser 2021-05-16 02:22:04 CEST

Depends on: 28915 => (none)

Comment 5 David Walser 2021-05-16 02:23:04 CEST
This is INVALID.  Lewis and Dave already explained what the reporter missed.

Resolution: (none) => INVALID
Status: UNCONFIRMED => RESOLVED

Comment 6 Aurelien Oudelet 2021-05-16 02:24:12 CEST
Right.