Lee wrote: > > > >> > > >> > However when I startup wireshark from the GUI, it does not show the > >> > physical interfaces in the list of interfaces to capture from, so I > >> > cannot really capture anything from the non-root user. When started > >> > via sudo, it does show enp3s0 and other interfaces and can capture. > >> > > >> > What am I missing? > >> > >> See if the interfaces have been hidden from the GUI. eg > >> $ grep devices_hide .config/wireshark/preferences > >> capture.devices_hide: any,nflog,nfqueue,dbus-system,dbus-session > > > > Nothing much there: > > > > $ grep devices_hide .config/wireshark/preferences > > #capture.devices_hide: > > > >> > >> Or check from the GUI: > >> Capture / Refresh Interfaces > > > > Does not add the NICs to the list. > > > >> Capture / Options > >> select the Input tab and click Manage Interfaces > >> select the Local Interfaces tab and make sure there's a checkmark > >> under Show for all the physical interface names > > > > I don't see any physical interfaces there, this is all I see: > > https://ibb.co/190ytwv > > Have you looked at > https://www.wireshark.org/faq.html#capprobunix
Yes, I have, and I have also read https://gitlab.com/wireshark/wireshark/-/raw/master/packaging/debian/README.Debian > > I have a vague memory of having to do > sudo dpkg-reconfigure wireshark-common > a few years ago before I was able to capture packets without using sudo All this command does IMHO is create the "wireshark" group with sufficient privileges to capture packets. I clearly remember answering "Yes" to that question while installing Wireshark. That is why I wrote in my first mail that dumpcap can list interfaces and capture packets when run from my account: $ whoami ; dumpcap -D vas 1. enp3s0 2. any 3. lo (Loopback) 4. bluetooth-monitor 5. nflog 6. nfqueue 7. dbus-system 8. dbus-session $ -- Victor Sudakov VAS4-RIPE http://vas.tomsk.ru/ 2:5005/49@fidonet
signature.asc
Description: PGP signature
