On Thursday 18 December 2014 13:50:34 Dario Lombardo wrote: > Hi list! > I tried to use nflog to capture packets with wireshark qt and gtk (master) > and I got different results. > First I run > > sudo iptables -A OUTPUT -j NFLOG > sudo iptables -A INPUT -j NFLOG > > then I launched wireshark-gtk and choose nflog as capture interface. All > worked. > But when I launched wireshark (qt) I got an error: > > The capture session could not be initiated on interface 'nflog' (Can't > listen on group group index: Operation not permitted). > > Please check to make sure you have sufficient permissions, and that you > have the proper interface or pipe specified. > > > But I run both wireshark with sudo.
You should not run Wireshark with sudo, instead set the appropriate privileges on the dumpcap binary as described at http://wiki.wireshark.org/CaptureSetup/CapturePrivileges > What did I do wrong? I have spend some minutes into debugging it and it turns out that you cannot have two open sockets for NFLOG. Reproducer: $ dumpcap -i nflog -w /dev/null Capturing on 'nflog' File: /dev/null (in a different shell) $ dumpcap -i nflog -w /dev/null Capturing on 'nflog' dumpcap: The capture session could not be initiated on interface 'nflog' (Can't listen on group group index: Operation not permitted). Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified. The difference between GTK and Qt is that Qt additionally executes `dumpcap -S -Z none` which seems to open a socket for each available interface to collect stats. At this point I stopped debugging, hope it helps. -- Kind regards, Peter https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
