Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#44465 - [wireshark-cli] Permissions not set to allow non-root users to use usbmon

Attached to Project: Community Packages
Opened by Steven Honeyman (stevenhoneyman) - Saturday, 04 April 2015, 17:59 GMT
Last edited by Timothy Redaelli (tredaelli) - Tuesday, 12 January 2016, 13:44 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Timothy Redaelli (tredaelli)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
usbmon doesn't capture any traffic when run as a user in the wireshark group

Additional info:
* package version(s) 1.12.4-2

Steps to reproduce:
$ sudo mount -t debugfs debugfs /sys/kernel/debug
$ sudo modprobe usbmon
$ wireshark
(try and capture usb)

Solution: (stolen from elsewhere online)
# setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_DAC_OVERRIDE+eip /usr/bin/dumpcap
This task depends upon

Closed by  Timothy Redaelli (tredaelli)
Tuesday, 12 January 2016, 13:44 GMT
Reason for closing:  Fixed
Additional comments about closing:  In 2.0.1-2
Comment by Doug Newgard (Scimmia) - Sunday, 05 April 2015, 04:08 GMT
The install script already runs `setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' usr/bin/dumpcap`, is this not sufficient or was there a problem specific to your system?
Comment by Steven Honeyman (stevenhoneyman) - Sunday, 05 April 2015, 14:04 GMT
It's sufficient for network capture, but not usb. I've just double checked to make sure:

$ setcap -v CAP_NET_RAW,CAP_NET_ADMIN+pie /usr/bin/dumpcap
/usr/bin/dumpcap: OK
$ wireshark
("None" where the counter should be for traffic next to usbmon1)
$ sudo setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_DAC_OVERRIDE+pie /usr/bin/dumpcap
$ wireshark
(usbmon1 increasing packet count)

Without cap_dac_override the usbmon entries are shown (e.g. dumpcap -D), but are not accessible


Loading...