The old Dell laptop that I use for packet sniffing was in need of a rebuild after I had been experimenting with Zabbix. In hindsight, I shouldn’t have used the laptop that has become my network toolkit. I had well and truly messed it up and I was desperate to get it operational again.
Ubuntu 10.10 had recently been released and I had already downloaded the ISO images overnight. With a freshly burned CDR in my hand, I set about installing the new version. This laptop is primarily a network analysis tool so Wireshark was naturally the first application to be installed. It wasn’t long before I found that 10.10 has the same missing interface problem that I had experienced with 10.04. “No problem” I thought. “I will just use the fix that I found for 10.04“. Well, that didn’t work either. I left it for a day to have a think, and came back to it with a solution that I found on Launchpad. The fix is as follows.
In a terminal session, execute these commands:-
sudo addgroup –quiet –system wireshark
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
Using your favourite text editor, add your user id to the wireshark group in /etc/group or use usermod instead:-
sudo usermod -a -G wireshark vince
Reconfigure the Wireshark Common package and answer ‘Yes’ to the question ‘Should non-superusers be able to capture packets?’ :-
sudo dpkg-reconfigure wireshark-common
Reboot, login and test Wireshark. The missing interfaces should be present now.