Wireshark-users: Re: Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31

["Fisher, AJ" <aj.fisher () boeing com>]

Guy Harris wrote:

> Is there a "dumpcap" program installed?  I'd forgotten when we made dumpcap the program that does all the capturing - 
> I guess it was before the 1.0 release.

> I'm a bit surprised that the error message sent up the pipe wasn't reported by tshark.  I'll have to try that with a 
> newer version of Wireshark.

> If there's a dumpcap program installed, you can probably make it set-UID root, which should allow you to capture as an 
> ordinary user.  (You really don't want to run the N million lines of Wireshark/TShark code as root.)

BINGO! After "chmod 4755 /usr/sbin/dumpcap root" I can now run tshark as user! Thanks Guy!

As for the HP-UX 11.31 "tshark -p" and without the "-p" flag here is the command/output:

$ tshark
tshark: Couldn't load module /opt/iexpress/wireshark/lib/wireshark/plugins/1.0.11/asn1.so: Unsatisfied code symbol 
'g_node_insert_before' in load module '/opt/iexpress/wireshark/lib/wireshark/plugins/1.0.11/asn1.so'.
Capturing on lan0
tshark: Can't install filter (recv_ack: promisc_phys: UNIX error - Not owner).
Please report this to the Wireshark developers.
(This is not a crash; please do not report it as such.)
0 packets captured

AJ Fisher
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe