On 4/29/23, Victor Sudakov <v...@sibptus.ru> wrote: > Dear Colleages, > > My user is a member of the "wireshark" group and can start /usr/bin/dumpcap > all right: > > $ ls -al /usr/bin/dumpcap > -rwxr-xr-- 1 root wireshark 129696 мар 4 2022 /usr/bin/dumpcap > > $ id > uid=1000(vas) gid=1000(vas) > группы=1000(vas),4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),27(sudo),30(dip),44(video),46(plugdev),121(lpadmin),136(lxd),137(sambashare),138(wireshark),1002(admin) > > $ /usr/bin/dumpcap > Capturing on 'enp3s0' > File: /tmp/wireshark_enp3s0Y3LW31.pcapng > Packets captured: 126 > Packets received/dropped on interface 'enp3s0': 126/0 > (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%) > $ > > However when I startup wireshark from the GUI, it does not show the > physical interfaces in the list of interfaces to capture from, so I > cannot really capture anything from the non-root user. When started > via sudo, it does show enp3s0 and other interfaces and can capture. > > What am I missing?
See if the interfaces have been hidden from the GUI. eg $ grep devices_hide .config/wireshark/preferences capture.devices_hide: any,nflog,nfqueue,dbus-system,dbus-session Or check from the GUI: Capture / Refresh Interfaces Capture / Options select the Input tab and click Manage Interfaces select the Local Interfaces tab and make sure there's a checkmark under Show for all the physical interface names Regards, Lee
