28852 – Wireshark /usr/bin/dumpcap cannot be run.

Bug 28852 - Wireshark /usr/bin/dumpcap cannot be run.

Summary: Wireshark /usr/bin/dumpcap cannot be run.

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:

URL:
Whiteboard:
Keywords:	NEEDINFO

Depends on:
Blocks:

Reported:	2021-04-28 20:03 CEST by Ezequiel Partida
Modified:	2021-05-16 02:24 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Ezequiel Partida 2021-04-28 20:03:24 CEST

Description of problem:

Wireshark /usr/bin/dumpcap cannot be run.

Version-Release number of selected component (if applicable):

wireshark - Network traffic analyzer   3.4.3

How reproducible:

Steps to Reproduce:
1.  Install Wireshark 3.4.3
2.  Run wireshark
3.  A message will appear saying that /usr/bin/dumpcap could not run.

I fixed this by using chmod a+xrw /usr/bin/dumpcap

Probably this could be fixed on the next package release. ;-)

Regards

Comment 1 Lewis Smith 2021-04-28 20:27:42 CEST

I wonder whether this is because 'dumpcap' is supposed to be run either as root, or by users in the wireshark group - to which they have to be specifically added:
>>>
1. Using dumpcap without allowing non-root users to capture packets

   Only root user will be able to capture packets. It is advised to capture
   packets with the bundled dumpcap program as root and then run 
   Wireshark/Tshark as an ordinary user to analyze the captured logs. [1]

   This is the default.

2. Using dumpcap and allowing non-root users to capture packets

   Members of the wireshark group will be able to capture packets on network 
   interfaces. This is the preferred way of installation if Wireshark/Tshark
   will be used for capturing and displaying packets at the same time, since
   that way only the dumpcap process has to be run with elevated privileges 
   thanks to the privilege separation [2].

   Note that no user will be added to group wireshark automatically, the 
   system administrator has to add them manually.

   [1] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
   [2] http://wiki.wireshark.org/Development/PrivilegeSeparation
<<<

I just installed wireshark (+ dumpcap) :
 $ ls -l /usr/bin/dumpcap 
 -rwsr-x--- 1 root wireshark 121904 Ebr   2 21:38 /usr/bin/dumpcap*
which looks correct.

Please say whether you problem comes from not heeding the rules - or in spite of doing so.

CC: (none) => lewyssmith
Ever confirmed: 1 => 0
Status: NEW => UNCONFIRMED

Comment 2 Dave Hodgins 2021-04-28 23:44:40 CEST

Also, once you've added your id to the wireshark group, don't forget to logout
and back in, for the change to take effect.

CC: (none) => davidwhodgins

Comment 3 Aurelien Oudelet 2021-04-30 15:47:49 CEST

@reporter, can you try that is described in Comment 1?

CC: (none) => ouaurelien

Comment 4 Aurelien Oudelet 2021-05-08 15:27:08 CEST

Reporter, could you please reply to the previous question? If you don't reply within two weeks from now, I will have to close this bug as OLD. Thank you.

Keywords: (none) => NEEDINFO

Aurelien Oudelet 2021-05-16 02:20:28 CEST

Depends on: (none) => 28915

David Walser 2021-05-16 02:22:04 CEST

Depends on: 28915 => (none)

Comment 5 David Walser 2021-05-16 02:23:04 CEST

This is INVALID.  Lewis and Dave already explained what the reporter missed.

Resolution: (none) => INVALID
Status: UNCONFIRMED => RESOLVED

Comment 6 Aurelien Oudelet 2021-05-16 02:24:12 CEST

Right.

Note You need to log in before you can comment on or make changes to this bug.