On Sun, Feb 2, 2025 at 12:13 PM Jaap Keuter <jaap.keu...@xs4all.nl> wrote:

> Hi yeah, you’re at the right place. Figuring out permission issues is hard
> when you’re not at the system itself.
>
> My first thing would be to look for remnants of previous installations
> still lingering and being picked up.
>
> On 2 Feb 2025, at 15:51, Mayank <mayankbhaskar...@gmail.com> wrote:
>
> In addition to the above, I couldn't save the captured file in a custom
> location when I run on `sudo` from './run/wireshark'.
>
>
I'm not sure exactly what you mean by "in a custom location," but (unlike
many other programs started as root) dumpcap on Linux drops capabilities
other than CAP_NET_RAW and CAP_NET_ADMIN before starting a capture,
including CAP_DAC_OVERRIDE, which means that, even if started as root (or
suid, or sudo), it cannot write to read-only directories or otherwise bypass
file read, write, and execute permission checks.

A first place to look for capture permission errors is here:

https://wiki.wireshark.org/CaptureSetup/

https://wiki.wireshark.org/CaptureSetup/CapturePrivileges

John
_______________________________________________
Wireshark-dev mailing list -- wireshark-dev@wireshark.org
To unsubscribe send an email to wireshark-dev-le...@wireshark.org
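
Added example, not part of the thread or of Wireshark's code: a Python sketch that decodes the effective capability mask from a `/proc/<pid>/status` excerpt and applies a simplified owner/group/other check to show why a uid-0 process without CAP_DAC_OVERRIDE cannot create a file in another user's 0755 directory. The status excerpt, the uid/gid 1000 directory and the helper names are constructed assumptions; ACLs, LSMs and read-only mounts are ignored.

```python
import re

# Capability bit numbers from linux/capability.h
CAP_DAC_OVERRIDE, CAP_NET_ADMIN, CAP_NET_RAW = 1, 12, 13

# Constructed /proc/<pid>/status excerpt: uid 0, but only CAP_NET_ADMIN and
# CAP_NET_RAW remain in the effective set, as the message above describes.
SAMPLE_STATUS = (
    "Name:\tdumpcap\n"
    "Uid:\t0\t0\t0\t0\n"
    "Gid:\t0\t0\t0\t0\n"
    "Groups:\t0\n"
    "CapPrm:\t0000000000003000\n"
    "CapEff:\t0000000000003000\n"
)

def parse_status(text):
    """Return (fsuid, fsgid, supplementary groups, effective capability mask)."""
    fields = dict(re.findall(r"^(\w+):\t(.*)$", text, re.M))
    fsuid = int(fields["Uid"].split()[3])   # columns: real, effective, saved, fs
    fsgid = int(fields["Gid"].split()[3])
    groups = {int(g) for g in fields.get("Groups", "").split()}
    return fsuid, fsgid, groups, int(fields["CapEff"], 16)

def has_cap(mask, cap):
    """True if capability bit number `cap` is set in `mask`."""
    return bool((mask >> cap) & 1)

def can_create_in_dir(status_text, dir_uid, dir_gid, dir_mode):
    """Simplified DAC check: creating a file needs write+search on the directory."""
    fsuid, fsgid, groups, cap_eff = parse_status(status_text)
    if has_cap(cap_eff, CAP_DAC_OVERRIDE):
        return True                      # permission bits are bypassed
    if fsuid == dir_uid:
        bits = dir_mode >> 6             # owner class
    elif dir_gid == fsgid or dir_gid in groups:
        bits = dir_mode >> 3             # group class
    else:
        bits = dir_mode                  # other class
    return (bits & 0o3) == 0o3           # w and x both required

if __name__ == "__main__":
    eff = parse_status(SAMPLE_STATUS)[3]
    print("CAP_DAC_OVERRIDE held:", has_cap(eff, CAP_DAC_OVERRIDE))
    # Constructed target directories: a user's 0755 directory, a sticky 1777 one
    print("user dir 1000:1000 0755:", can_create_in_dir(SAMPLE_STATUS, 1000, 1000, 0o755))
    print("root dir 0:0 1777:", can_create_in_dir(SAMPLE_STATUS, 0, 0, 0o1777))
```

On a live system the same decoding applies to the `CapEff` line of the running capture process's `/proc/<pid>/status`.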
