I installed wireshark. Ran it. When I click on 'Interface List', I get a list of 0 interfaces. I think that means I have some kind of configuration problem.
I'm guessing my kernel isn't configured for it? How do I fix that? I'm hoping there is an easier solution than manually recompiling the kernel.
You need to run wireshark as root. I'm not sure whether the launcher is set to do this yet but try plugging this into a terminal:
To make life easier on yourself, I suggest you edit the launcher (right click the menu → click edit menus → find wireshark and change prepend its command with
gksu
).Alternatively, you can use
setcap
to allow non-root users to usedumpcap
(the application that does all the capturing that WireShark uses):This is essentially from the WireShark Wiki. I had seen this before I posted the above but I wasn't confident in it. After seeing it again in the comments, I gave it a test today and it appears to work.
This has a security issue too, though...
Any user or process on the system can now monitor network traffic without user intervention. Think exploited service or genuine user. The wiki does have another setting where you can limit
dumpcap
to one group of users (and you add your account to that group) but this is only marginally better. What happens if your browser has an exploitable flaw, that allows somebody to fire off commands (does occasionally happen)?In my eyes this is more of a security risk than going through
gksu
. At least that way you need to enter a password.The following way will limit capturing packets to a specific user(s) and not run wireshark as root.
First, run
sudo dpkg-reconfigure wireshark-common
. Select 'yes' when asked. This will make a wireshark group whose members are allowed to capture packets.Second, run
sudo usermod -a -G wireshark <yourloginname>
This will add you to the wireshark group.Third, log out and then back in. This will apply the group changes.
Now you should be able to run wireshark as your user and have it allow you to capture packets. If you want to add additional users, just repeat steps 2 and 3 for the additional users.
From reading the wireshark wiki, this method sounds like the most recommended way to do it.