On Thu, Dec 18, 2014 at 4:29 PM, Peter Wu <pe...@lekensteyn.nl> wrote:

> You should not run Wireshark with sudo, instead set the appropriate
> privileges on the dumpcap binary as described at
> http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Generally speaking, you are right, and it's what I do with my stable wireshark. But with my development version, the setcapped binary is overwritten every time I recompile. So I use the master compiled version with sudo.

> > What did I do wrong?
>
> I have spent some minutes debugging it and it turns out that you
> cannot have two open sockets for NFLOG.
>
> Reproducer:
> $ dumpcap -i nflog -w /dev/null
> Capturing on 'nflog'
> File: /dev/null
> (in a different shell)
> $ dumpcap -i nflog -w /dev/null
> Capturing on 'nflog'
> dumpcap: The capture session could not be initiated on interface 'nflog'
> (Can't listen on group group index: Operation not permitted).
> Please check to make sure you have sufficient permissions, and that you
> have the proper interface or pipe specified.
>
> The difference between GTK and Qt is that Qt additionally executes
> `dumpcap -S -Z none` which seems to open a socket for each available
> interface to collect stats.
>
> At this point I stopped debugging, hope it helps.

If I've got the point, wireshark QT is not expected to work with nflog, right? If stats can't be stopped, it won't work.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
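
A way to check for the condition in the reproducer above (a second NFLOG listener being refused) before starting another capture, as an added example that is not part of the original thread or of Wireshark. It assumes the kernel lists bound NFLOG groups in /proc/net/netfilter/nfnetlink_log with the group number in column 1 and the owning netlink port id in column 2, and that a plain `-i nflog` capture uses group 0; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an NFLOG group already has a listener.
# Assumption: /proc/net/netfilter/nfnetlink_log has one line per bound
# group, column 1 = group number, column 2 = owning netlink port id.
NFLOG_PROC=${NFLOG_PROC:-/proc/net/netfilter/nfnetlink_log}

# nflog_group_owner GROUP [FILE]
# Prints the port id bound to GROUP and returns 0.
# Returns 1 if the group is free, 2 if the table cannot be read.
nflog_group_owner() {
    group=$1
    table=${2:-$NFLOG_PROC}
    [ -r "$table" ] || return 2
    awk -v g="$group" '
        $1 == g { print $2; found = 1; exit }
        END     { exit !found }
    ' "$table"
}

# Constructed sample of the table: groups 0 and 7 are bound, 5 is not.
nflog_sample() {
    printf '%s\n' \
        '    0   4321     0 2 65535    100  1' \
        '    7    977     3 2  1500    100  1'
}

# Demo on the constructed sample; call nflog_group_owner with no FILE
# argument to inspect the live table on a Linux host instead.
sample=$(mktemp)
nflog_sample > "$sample"
for g in 0 5; do
    if owner=$(nflog_group_owner "$g" "$sample"); then
        echo "group $g: bound by port id $owner, a second listener would be refused"
    else
        echo "group $g: free"
    fi
done
rm -f "$sample"
```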