Wireshark-dev: Re: [Wireshark-dev] Missing dumpcap when building 3.1.1
Date Prev · Date Next · Thread Prev · Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 29 Nov 2019 11:17:25 -0800
On Nov 29, 2019, at 6:02 AM, Tom Bentley <t.j.bentley@xxxxxxxxx> wrote:

> I downloaded and built wireshark 3.1.1 from the website. When I run/wireshark the gui appears, but there in the "Capture" pane it says "No interfaces found". Furthermore (maybe related, maybe not) I had expected `dumpcap` to be in the run directory, but it's missing). So I'm wondering how I managed to mess up the build and what I need to do to fix it. 

On what operating system is this?

If it's Windows:

	The "You have to build all projects in Visual Studio" part of Roland Knall's first answer might apply, as might the "or on the console" part, although you'd have to use msbuild rather than make.

If it's a UN*X of some sort:

	A top-level "make" or "ninja" from the command line should have built everything; you should not have needed to build dumpcap separately, as Dario Lombardo said in his answer.

	And, once you've build dumpcap, you may have to set it up to run with special privileges, as per Roland Knall's second answer.  If you're going to *install* Wireshark, there's a CMake option DUMPCAP_INSTALL_OPTION that can be set to:

		"normal" - this means it gets no special privileges, which won't work on your OS, as you've found;

		"suid" - this means it will be installed set-UID root, which should be sufficient on all platforms;

		"capabilities" - this is Linux-only, and should be sufficient to capture on network interfaces, but not on, for example, USB buses.

	"capabilities" is safer than "suid", as it grants fewer capabilities, but 1) it's available only on Linux and 2) isn't sufficient for some devices such as USB buses (you can still capture on USB *network adapters*, but you can't capture raw USB traffic if you're trying to analyze that rather than network traffic).

	if you install "suid", you might want to limit the executability of dumpcap to users in a particular group, so not everybody can run the set-UID dumpcap.  If so, you need to set another CMake option, DUMPCAP_INSTALL_GROUP, to the name of that group - the default is a group named "wireshark".  Only users in that group will be able to run dumpcap and thus only users in that group will be able to capture traffic with Wireshark.

	However, that's done as part of the installation process; if you want to run Wireshark from the build directory, you'll have to set the permissions etc. on dumpcap yourself, as per the page linked to by Roland Knall's second answer - and change the paths for dumpcap to the path to the dumpcap in the build directory.