3

My goal is to capture packets with tshark in Amazon Linux AMI. While typing tshark in the command line there's an error: "tshark: There are no interfaces on which a capture can be done"

How to implement the solution from Wireshark setup Linux for nonroot user

$ sudo apt-get install wireshark
$ sudo dpkg-reconfigure wireshark-common 
$ sudo usermod -a -G wireshark $USER
$ gnome-session-quit --logout --no-prompt

in Amazon Linux AMI (it's not Ubuntu)?

Anthon
  • 79,293
rokpoto.com
  • 399

1 Answers1

4

Using sudo

I think you need to find out what interface is being used for your network and then just tell tshark about it.

Example

Network devices present on my box.

$ ip addr|grep '^[0-9]'|awk '{print $2}'
lo:
eth0:
wlan0:

Run tshark:

$ sudo tshark -i wlan0 | head -5
..start seeing output from tshark...

Using capabilities

The Amazon AMI instances are based on CentOS so you may be able to use the following steps to accomplish what you're after.

$ sudo groupadd wireshark
$ sudo usermod -a -G wireshark saml
$ setcap cap_net_raw,cap_net_admin=eip /usr/sbin/dumpcap

The above creates the Unix group wireshark, adds the user saml to it, and then adds the capabilities using the tool setcap to allow others access to the dumpcap file.

Example

$ tshark -i wlan0
Capturing on wlan0
  0.000000 108.160.163.38 -> 192.168.1.20 HTTP HTTP/1.1 200 OK  (text/plain)
  0.087199 108.160.163.38 -> 192.168.1.20 TCP http > 38987 [ACK] Seq=180 Ack=352 Win=83 Len=0 TSV=144745749 TSER=195830096
  0.253077 192.168.1.20 -> 255.255.255.255 DB-LSP-DISC Dropbox LAN sync Discovery Protocol
  0.253360 192.168.1.20 -> 192.168.1.255 DB-LSP-DISC Dropbox LAN sync Discovery Protocol
  0.779785 192.168.1.20 -> 74.125.225.115 HTTP HEAD / HTTP/1.1 
...

You can read more about Linux' capabilities facility via the man pages, man capabilities.

References

slm
  • 369,824