Categories
Ubuntu

Wireshark missing interfaces on Ubuntu 10.10

The old Dell laptop that I use for packet sniffing was in need of a rebuild after I had been experimenting with Zabbix. In hindsight, I shouldn’t have used the laptop that has become my network toolkit. I had well and truly messed it up and I was desperate to get it operational again.

Ubuntu 10.10 had recently been released and I had already downloaded the ISO images overnight. With a freshly burned CDR in my hand, I set about installing the new version. This laptop is primarily a network analysis tool so Wireshark was naturally the first application to be installed. It wasn’t long before I found that 10.10 has the same missing interface problem that I had experienced with 10.04. “No problem” I thought. “I will just use the fix that I found for 10.04“. Well, that didn’t work either. I left it for a day to have a think, and came back to it with a solution that I found on Launchpad. The fix is as follows.
In a terminal session, execute these commands:-

sudo addgroup –quiet –system wireshark
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Using your favourite text editor, add your user id to the wireshark group in /etc/group or use usermod instead:-

sudo usermod -a -G wireshark vince

Reconfigure the Wireshark Common package and answer ‘Yes’ to the question ‘Should non-superusers be able to capture packets?’ :-

sudo dpkg-reconfigure wireshark-common

Reboot, login and test Wireshark. The missing interfaces should be present now.

5 replies on “Wireshark missing interfaces on Ubuntu 10.10”

Great article! Worked perfect. I just shamelessly copy-pasted the code, and it worked great. Guess I just opened allot of security risks on my PC, since you don’t explain what the commands do :p

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.