7

It's the first time I'm installing and configuring Wireshark in an RPM-based distro. In the past I've installed it properly on Ubuntu, Mint or Debian.

Don't know why, but it seems I cannot run it as a standard user. I've done the process of creating the wireshark group, adding the user to that group and then changing the group of dumpcap to wireshark, but no way, it doesn't work.

In .deb systems I haven't had any problem following such steps, so don't know what could be missing.

Thoughts?

1 Answer

7

See my answer to this other U&L Q&A titled: “tshark: There are no interfaces on which a capture can be done” in Amazon Linux AMI. The Amazon AMI images are based on CentOS images and so the steps I outlined in that answer should apply here as well.

You need to perform the following steps to allow non-root users access to the dumpcap file so that they can open it for use within tshark/wireshark.

$ sudo groupadd wireshark
$ sudo usermod -a -G wireshark saml
$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/dumpcap

NOTE: It should be noted here that after making the above changes you'll need to log out and log back in so that the new group gets picked up by your username. You can confirm with the groups command.

$ groups
saml wheel wireshark

Launching wireshark

Once you've made the above changes you can now launch wireshark. It should be noted that when you run it you'll still be presented with a dialog which makes you think it didn't work, but this is just giving you the opportunity to either run wireshark as yourself, "unprivileged", or as root.

Step #1: After launching, you'll see this dialog.

ss #1

Step #2: If you select unprivileged, you'll be presented with the main wireshark GUI:

ss #2

Step #3: If you select the available devices, you'll notice that you can see these in promiscuous mode, which typically is not an option without the above capabilities changes:

ss #3

slm
  • That's what I did... running tshark works, however, running wireshark keeps prompting for root password. –  Nov 08 '13 at 22:56
  • Is sudo an option? There is this method: https://wiki.archlinux.org/index.php/wireshark – slm Nov 08 '13 at 23:37
  • @yzt - Incidentally when I run this as a non-root user I get a dialog that asks if I want to run it unprivileged. Do you get this same dialog? – slm Nov 08 '13 at 23:59
  • Seems it's working since I configured it, just that it didn't work as I was used to. In other systems, when Wireshark is configured to run as non-root, it opens directly to the capture window. However, in CentOS it keeps prompting to either enter the root password or run unprivileged, which I mistakenly considered wrong (assuming my previous experience). But just clicking on run unprivileged is working, not by default but after performing the steps I described in the body of my question or your answer, which are the same as those explained on Wireshark's wiki. –  Nov 09 '13 at 11:21
  • @yzT - see updates. I've added the dialogs and described the situation in more detail. Sorry, I thought that part was self-explanatory. – slm Nov 09 '13 at 13:35
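
A check for the end state of the steps in the answer above, added here as an example and not part of the original post: it verifies the session's groups, dumpcap's group and mode, and the file capabilities from the `setcap` line. The expected group `wireshark` on dumpcap and a non-world-executable mode (for example 750) are assumptions drawn from the group-change step the question mentions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the non-root capture setup from the answer above.
# State is passed in as strings so the checks can be exercised offline.

# has_caps GETCAP_LINE: both capabilities present with the e, i and p flags.
# Handles "file = caps+eip" (older libcap) and "file caps=eip" (newer).
has_caps() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *[+=]eip) return 0 ;; *) return 1 ;; esac
}

# in_group "GROUP LIST": wireshark is among the session's groups.
in_group() {
    for g in $1; do
        if [ "$g" = wireshark ]; then return 0; fi
    done
    return 1
}

# audit GROUPS FILE_GROUP OCTAL_MODE GETCAP_LINE
# Prints one line per finding; returns 0 only when nothing is wrong.
# The group/mode expectations are assumptions (wireshark, not world-executable).
audit() {
    bad=0
    in_group "$1" || { echo "session lacks wireshark group (log out and back in)"; bad=1; }
    [ "$2" = wireshark ] || { echo "dumpcap group is '$2', expected wireshark"; bad=1; }
    # Odd last digit = execute bit for "other": the capabilities then
    # apply to every local user, not just the wireshark group.
    case "$3" in *[1357]) echo "dumpcap mode $3 is world-executable"; bad=1 ;; esac
    has_caps "$4" || { echo "cap_net_raw,cap_net_admin=eip not set"; bad=1; }
    return "$bad"
}

# Live check; assumes GNU stat and libcap's getcap are installed.
audit_live() {
    f=${1:-/usr/sbin/dumpcap}
    audit "$(id -Gn)" "$(stat -c %G "$f")" "$(stat -c %a "$f")" "$(getcap "$f")"
}

if [ "${1:-}" = "--live" ]; then
    audit_live "${2:-}" && echo "capture setup OK"
fi
```

Run the script with `--live` on the host to inspect the real `/usr/sbin/dumpcap`; with no arguments it only defines the functions.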