Hello
On 2023-04-29 17:33, Lee wrote:
On 4/29/23, Victor Sudakov wrote:
Lee wrote:
On 4/29/23, Victor Sudakov wrote:
[dd]
>
> However when I startup wireshark from the GUI, it does not show the
> physical interfaces in the list of interfaces to capture from, so I
> cannot really capture anything from the non-root user. When started
> via sudo, it does show enp3s0 and other interfaces and can capture.
>
> What am I missing?
See if the interfaces have been hidden from the GUI. eg
$ grep devices_hide .config/wireshark/preferences
capture.devices_hide: any,nflog,nfqueue,dbus-system,dbus-session
Nothing much there:
$ grep devices_hide .config/wireshark/preferences
#capture.devices_hide:
Or check from the GUI:
Capture / Refresh Interfaces
Does not add the NICs to the list.
Capture / Options
select the Input tab and click Manage Interfaces
select the Local Interfaces tab and make sure there's a checkmark
under Show for all the physical interface names
I don't see any physical interfaces there, this is all I see:
https://ibb.co/190ytwv
Have you looked at
https://www.wireshark.org/faq.html#capprobunix
I have a vague memory of having to do
sudo dpkg-reconfigure wireshark-common
a few years ago before I was able to capture packets without using sudo
Good memory, actually. The full steps are
$ sudo dpkg-reconfigure wireshark-common # [1]
Should non-superusers be able to capture packets => Yes
$ sudo usermod -a -G wireshark $USER # [1]
$ newgrp wireshark
$ groups # The output should now include "wireshark" group name
1. Or execute these commands as root, if sudo is not installed.
Regards
Lee
