Just so you know, your not alone, I get the same results as you...
$ pwd
/home/test
$
$ sudo dumpcap -w test.pcap
The file to which the capture would be saved ("test.pcap") could not be opened: Permission denied.
$
$ sudo dumpcap -w /home/test/test.pcap
The file to which the capture would be saved ("/home/test/test.pcap") could not be opened: Permission denied.
$
I did go a step further and touched a test.pcap file. Still didn't work with these permissions:
-rw-rw-r-- 1 test test 0 2012-03-21 08:00 test.pcap
I then changed it to full rwx permissions and it worked:
-rwxrwxrwx 1 test test 0 2012-03-21 08:00 test.pcap
$ sudo dumpcap -w test.pcap
File: test.pcap
Packets captured: 18
Packets received/dropped on interface eth0: 26/0
$
I leave it to someone better at Linux than me to figure out why...
Wes
--- On Wed, 3/21/12, RUOFF, LARS (LARS)** CTR ** <lars.ruoff@xxxxxxxxxxxxxxxxxx> wrote:
> From: RUOFF, LARS (LARS)** CTR ** <lars.ruoff@xxxxxxxxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] dumpcap permissions - Quick help for Ubuntu newbie needed
> To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Date: Wednesday, March 21, 2012, 4:39 AM
> Ok, just for completeness so it might
> help others too, i need to be root AND in root's home dir to
> caputre:
>
> $ whoami
> dummy
> $ pwd
> /home/dummy
> $ dumpcap -w test.pcap
> dumpcap: There are no interfaces on which a capture can be
> done
> $ sudo dumpcap -w test.pcap
> [sudo] password for dummy:
> The file to which the capture would be saved ("test.pcap")
> could not be opened: Permission denied.
> $ su root
> Password:
> # whoami
> root
> # dumpcap -w test.pcap
> The file to which the capture would be saved ("test.pcap")
> could not be opened: Permission denied.
> # cd ~
> # pwd
> /root
> # dumpcap -w test.pcap
> File: test.pcap
>
> Packets: 38
> Packets: 76 ^C
> Packets: 93 Packets dropped: 0
>
> Regards,
> Lars
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx]
> On Behalf Of Joerg Mayer
> Sent: mardi 20 mars 2012 17:33
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] dumpcap permissions - Quick
> help for Ubuntu newbie needed
>
> Hello Lars,
>
> On Tue, Mar 20, 2012 at 05:04:06PM +0100, RUOFF, LARS
> (LARS)** CTR ** wrote:
> > On an Ubunutu 10.04, I tried to
> > sudo dumpcap -w d1.pcap
> >
> > which gave me:
> > The file to which the capture would be saved
> ("d1.pcap") could not be opened: Permission denied.
> >
> > according to my naive Linux knowledge, i would have
> expected "sudo" to give me all the necessary permissions.
> > What am i missing here?
>
> Maybe Ubuntu drops permissions once it has openend the
> capture devices.
> So the capture devices have been opened before dropping
> privileges but the output files were opened after dropping
> privileges. At least Debian does it like this when I
> call wireshark/tshark.
>
> Ciao
> Jörg
> --
> Joerg Mayer
>
> <jmayer@xxxxxxxxx>
> We are stuck with technology when what we really want is
> just stuff that works. Some say that should read Microsoft
> instead of technology.
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
