Description of problem: Wireshark /usr/bin/dumpcap cannot be run. Version-Release number of selected component (if applicable): wireshark - Network traffic analyzer 3.4.3 How reproducible: Steps to Reproduce: 1. Install Wireshark 3.4.3 2. Run wireshark 3. A message will appear saying that /usr/bin/dumpcap could not run. I fixed this by using chmod a+xrw /usr/bin/dumpcap Probably this could be fixed on the next package release. ;-) Regards
I wonder whether this is because 'dumpcap' is supposed to be run either as root, or by users in the wireshark group - to which they have to be specifically added: >>> 1. Using dumpcap without allowing non-root users to capture packets Only root user will be able to capture packets. It is advised to capture packets with the bundled dumpcap program as root and then run Wireshark/Tshark as an ordinary user to analyze the captured logs. [1] This is the default. 2. Using dumpcap and allowing non-root users to capture packets Members of the wireshark group will be able to capture packets on network interfaces. This is the preferred way of installation if Wireshark/Tshark will be used for capturing and displaying packets at the same time, since that way only the dumpcap process has to be run with elevated privileges thanks to the privilege separation [2]. Note that no user will be added to group wireshark automatically, the system administrator has to add them manually. [1] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges [2] http://wiki.wireshark.org/Development/PrivilegeSeparation <<< I just installed wireshark (+ dumpcap) : $ ls -l /usr/bin/dumpcap -rwsr-x--- 1 root wireshark 121904 Ebr 2 21:38 /usr/bin/dumpcap* which looks correct. Please say whether you problem comes from not heeding the rules - or in spite of doing so.
CC: (none) => lewyssmithEver confirmed: 1 => 0Status: NEW => UNCONFIRMED
Also, once you've added your id to the wireshark group, don't forget to logout and back in, for the change to take effect.
CC: (none) => davidwhodgins
@reporter, can you try that is described in Comment 1?
CC: (none) => ouaurelien
Reporter, could you please reply to the previous question? If you don't reply within two weeks from now, I will have to close this bug as OLD. Thank you.
Keywords: (none) => NEEDINFO
Depends on: (none) => 28915
Depends on: 28915 => (none)
This is INVALID. Lewis and Dave already explained what the reporter missed.
Resolution: (none) => INVALIDStatus: UNCONFIRMED => RESOLVED
Right.