Wireshark mailing list archives

Re: Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31

From: Guy Harris <guy () alum mit edu>
Date: Tue, 18 May 2010 10:58:26 -0700


On May 18, 2010, at 10:50 AM, Fisher, AJ wrote:

I can capture packets just fine when I run tshark as root but not as local user.

This is the output I get as user on RHEL 4.6:

$ tshark
Capturing on eth0
0 packets captured


I'm surprised that it's not giving you an error on Linux.  What's printed if you run it under strace?

This is the output I get when I run as user on HP-UX 11.31:
$ tshark
tshark: Couldn't load module /opt/iexpress/wireshark/lib/wireshark/plugins/1.0.11/asn1.so: Unsatisfied code symbol 
'g_node_insert_before' in load module '/opt/iexpress/wireshark/lib/wireshark/plugins/1.0.11/asn1.so'.
Capturing on lan0
tshark: Can't install filter (recv_ack: promisc_phys: UNIX error - Not owner).


You cannot capture promiscuously on HP-UX unless you're root.

If you only want to capture traffic to and from the HP machine, and broadcast and multicast traffic received by the HP 
machine, use "tshark -p", to turn promiscuous mode off.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31 Fisher, AJ (May 18)
- Re: Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31 Guy Harris (May 18)
- <Possible follow-ups>
- Re: Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31 Fisher, AJ (May 18)
  - Re: Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31 Guy Harris (May 18)