Ubuntu – wireshark config/packet socket support

networkingwireshark

Day Three of using Ubuntu and yet another question.

Today I installed Wireshark. Upon starting for the first time, I am told that "No interface can be used for capturing in this system with the current configuration"

below that is "Capture Help"
followed by "HOW TO CAPTURE – A step by step guide to a successful capture set up"
Guide is as follows:

How To Set Up a Capture

Step 1: Are you allowed to do this?

Step 2: General Setup

Step 3: Capture traffic "sent to" and "sent from" your local machine

Step 4: Capture traffic destined for machines other than your own

Step 5: Capture traffic using a remote machine

Step 1, ok !
Step 2 is where i am stuck…

You will need to make sure the machine on which you're running is configured to support packet capture, e.g. you might need a capture driver installed. The way this is done differs from operating system to operating system."

Linux

On Linux, you need to have "packet socket" support enabled in your kernel; see the "Packet socket" item in the Linux "Configure.help" file. Your distribution might enable this by default in the kernel."

Could somebody please tell me how I go about having packet socket support enabled please ?

Many thanks in anticipation

Best Answer

The "No interface can be used for capturing in this system with the current configuration" message commonly appears when you don't have the privileges to access the network interfaces for monitoring. Try opening a terminal and running gksudo wireshark. If several network interfaces appear, it's because when you run wireshark without root permissions you don't have the privileges to monitor.

To fix that, run the following command in a terminal:

sudo setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_DAC_OVERRIDE+eip /usr/bin/dumpcap

a little explanation is available on this other AskUbuntu question

Related Solutions

Ubuntu – Installing Wireshark

In this example, debbase is the provided username. Replace it with your username. This would be the one you entered when you installed and set up Ubuntu.

You can also find your username by entering a shell and typing:

whoami

What that command does is adds the user debbase to the group wireshark

TP-Link Driver – How to Install for TL-WN722N on Ubuntu 14.04

Part One

Open a terminal and run the following commands:

First, you will need to install a few applications to build and compile from source:

sudo apt-get update
sudo apt-get dist-upgrade
apt-get install gcc build-essential linux-headers-generic linux-headers-`uname -r`

Save any unsaved work and reboot. When you sign back in, open a terminal.

Part Two

Download the needed file:

wget https://www.kernel.org/pub/linux/kernel/projects/backports/stable/v4.4.2/backports-4.4.2-1.tar.gz

Now, unzip the tar.gz file:

tar xvfz backports-4.4.2-1.tar.gz

Then, c hange your d irectory to the uncompressed file:

cd backports-4.4.2-1

Because there is a Makefile, we will be using the make command. First, clean the build area by typing this command:

sudo make clean

Then, use this command to build and compile:

sudo make

You should receive an error and some instructions. Following these instructions to specify the driver you want to build and install by running the following command:

sudo make defconfig-ath9k

Now, run make again:

sudo make

This time you should receive no errors. This may take some time to finish. When it is done, install the driver with the following command:

sudo make install

You will see some messages saying something about a key. These errors can safely be ignored and should not impact the overall outcome.

Part Three

Now, run these two commands in an open terminal to load the driver modules at boot time.

echo "ath9k" | sudo tee -a /etc/modules

echo "ath9k_htc" | sudo tee -a /etc/modules

For the next command, I will use gedit as the text editor but you can use nano, leafpad, kate, mousepad or any text editor.

sudo gedit /etc/rc.local

Now, we need to insert the following two lines before "exit 0" so the last four lines of the file should look exactly like this:

# Declare TP-WN727N USB ID to ath9k_htc module
echo "148F 7601" | tee /sys/bus/usb/drivers/ath9k_htc/new_id

exit 0

Click on save before exiting out of gedit.

Part Four

Finally, the script mentions something about updating your initramfs. It might not be needed but these are kernel modules so that's what we will do by running the following command:

sudo update-initramfs -k all -u

and don't forget to update grub when you are done:

sudo update-grub

Save any unsaved work, leave the device plugged in and reboot for these changes to take effect.

Best Answer

Related Solutions

Ubuntu – Installing Wireshark

TP-Link Driver – How to Install for TL-WN722N on Ubuntu 14.04

Related Question