Wireshark · Wireshark-users: [Wireshark-users] Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11

Wireshark-users: [Wireshark-users] Unable to get tshark to capture packets when running as user o

From: "Fisher, AJ" <aj.fisher@xxxxxxxxxx>

Date: Tue, 18 May 2010 10:50:52 -0700

I can capture packets just fine when I run tshark as root but not as local user.

This is the output I get as user on RHEL 4.6:

$ tshark
Capturing on eth0
0 packets captured

This is the output I get when I run as user on HP-UX 11.31:
$ tshark
tshark: Couldn't load module /opt/iexpress/wireshark/lib/wireshark/plugins/1.0.11/asn1.so: Unsatisfied code symbol 'g_node_insert_before' in load module '/opt/iexpress/wireshark/lib/wireshark/plugins/1.0.11/asn1.so'.
Capturing on lan0
tshark: Can't install filter (recv_ack: promisc_phys: UNIX error - Not owner).
Please report this to the Wireshark developers.
(This is not a crash; please do not report it as such.)
0 packets captured

I can capture packets just fine when I run as root...

The permissions seem fine:

RHEL 4.6:
# ls -l /usr/sbin/tshark
-rwxr-xr-x  1 root root 202808 Jan  8  2008 /usr/sbin/tshark

HP-UX 11.31:
# ls -l /usr/bin/tshark
lrwxr-xr-x   1 root       sys             34 May 18 09:36 /usr/bin/tshark -> /opt/iexpress/wireshark/bin/tshark


AJ Fisher

Follow-Ups:
- Re: [Wireshark-users] Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] Wireshark CLI Viewing
Next by Date: Re: [Wireshark-users] The capturefile appears to be damaged orcorrupt. (pcap: Fileshas 109736-byte packet, bigger than maximum of 65535)
Previous by thread: Re: [Wireshark-users] Wireshark CLI Viewing
Next by thread: Re: [Wireshark-users] Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31
Index(es):
- Date
- Thread