Last active
February 6, 2023 17:23
-
-
Save jarek-przygodzki/56ff684b08ddf44c56336d953e7c4bc0 to your computer and use it in GitHub Desktop.
tshark: Couldn't run /usr/sbin/dumpcap in child process: Operation not permitted
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ whoami | |
root | |
$ tshark | |
tshark: Couldn't run /usr/sbin/dumpcap in child process: Operation not permitted | |
Are you a member of the 'wireshark' group? Try running | |
'usermod -a -G wireshark _your_username_' as root. | |
$ stat $(which dumpcap) | |
File: '/usr/sbin/dumpcap' | |
Size: 82360 Blocks: 168 IO Block: 4096 regular file | |
Device: 2bh/43d Inode: 1787 Links: 1 | |
Access: (0750/-rwxr-x---) Uid: ( 0/ root) Gid: ( 998/wireshark) | |
Access: 2017-12-05 11:23:48.456537251 +0000 | |
Modify: 2017-08-06 22:48:18.000000000 +0000 | |
Change: 2017-12-05 10:30:14.736537251 +0000 | |
$ getcap $(which dumpcap) | |
/usr/sbin/dumpcap = cap_net_admin,cap_net_raw+ep | |
--cap-add=NET_RAW --cap-add=NET_ADMIN |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Small clarifications:
21 string is parameters for "docker run" which solve the problem