Wireshark-users: Re: [Wireshark-users] Wireshark hangs Ubuntu 9.10
From: Hrishikesh Murali <fnkygy@xxxxxxxxx>
Date: Sat, 5 Dec 2009 11:13:43 +0530
Hi,

On Sat, Dec 5, 2009 at 8:23 AM, Rick Horowitz <rickhoro@xxxxxxxxx> wrote:
Hi,
To work around this, I ran wireshark with:
> sudo wireshark
 
I had reported a bug (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4293) about this. I had the same problem, I have Ubuntu 9.10 Karmic Koala i386 arch. One workaround is changing the menu item to "gksu wireshark" so that you don't need to manually start each time, but this again is the same as "sudo wireshark".

A discussion was going on about how to implement this (Thanks to Gerald Combs, Jaap Keuter and Stephen Fisher). You can see the comments in the bug page. Instead of running wireshark as root, do the following:
$ sudo chown root /path/to/dumpcap
$ sudo chgrp capture /path/to/dumpcap
$ sudo chmod 4750 /path/to/dumpcap
Now, add yourself to the 'capture' group and run wireshark. Only dumpcap will run as root, whereas wireshark will run as normal user and therefore enhancing security. This is already implemented in debian, but not properly in ubuntu i guess. I guess it's a bug in ubuntu rather than wireshark itself.

When I try a capture on eth0, the system hangs and I need to press the reset or power button on the computer to reboot it.

Wireshark works fine for me when I try running it as super user, it doesn't hang. What is your system configuration?

--
Cheers,
Hrishikesh Murali