How to use wireshark?

decrepit · 8 May 2016 13:23

I’ve just installed wireshark on mate 16, and it says it can’t do anything. I’ve read the “how to capture” doc and it seems dumpcap needs root privileges. And yes if I “sudo dumpcap” I think I can get it to capture. It says it’s saved the capture to “output.pcapng”, But where is this? A caja search can’t find it.
In the old days I just manually selected which interface I wanted, hit capture and away it went, there was nothing complicated about it.
I answered the “allow non root users to capture” question with a yes so I’m surprised it needs root privileges.
I tried “sudo wireshark” but there’s no such command.

Any thoughts kind people?

wolfman · 8 May 2016 14:08

Hi @decrepit,

I have no idea myself so try their FAQ’s here:

https://ask.wireshark.org/faq/

lah7 · 8 May 2016 17:01

For Wireshark to work for non-root users, the wireshark group needs to be added to the user account.

Go to Users & Groups (System → Administration)
Click “Manage Groups”
Select “wireshark” and open its properties.
Tick your user account.
Save, log out then log back in.

mandarke · 9 May 2016 06:25

i use this to get it working: sudo dpkg-reconfigure wireshark-common

decrepit · 9 May 2016 09:27

Thanks guys, I followed lah7’s advice first and it’s up and running. I thought by the help files it would be something simple like that, But they assumed too much knowledge of how to manage groups.