I’ve built my own custom image based on Bluefin Linux - most of the customisations are the inclusion of RPMs and other packages that I need day to day, to save layering them in later.
I just added wireshark to the list of RPMs, and it runs successfully - however I can’t capture anything (the wireshark UI says that I don’t have permission to capture, and doesn’t show any of the local interfaces).
I tried adding my user account to the wireshark group and both logging out and back in, and rebooting, but I have the same issue. However if I run sudo wireshark from the terminal, I can see the interfaces and capture packets.
Is there something additional I need to do to enable wireshark to capture packets on Bluefin, other than the wireshark group membership?
Good thought - thank you! I checked but I can’t see anything, and for good measure I ran wireshark again (with my unprivileged user account) after running sudo setenforce 0 and I get the same result. I’ll keep digging…
According to @jamesfreeman959’s first post in this thread, he did not install Wireshark using flatpak, but he created his own custom image and inside the custom image installed Wireshark using an RPM package.
The Flatpak version of Wireshark does NOT support capturing network data; only opening an existing capture file and analyzing it is possible. This is described on Wireshark’s Flathub site as: “This version of Wireshark does not support capturing data” and also on the official upstream Wireshark web site as: “the Flatpak environment is also a sandbox and, unfortunately, that sandbox does not allow packet capture”. Using Flatseal to add permissions will not help, because flatpaks do NOT have access to system level network because of flatpak’s sandbox. Flatpak is just not designed to access system level. Anything like this, such as accessing the disk to encrypt it or similar, is just not possible with flatpak. System level software should NOT be installed using flatpak with the expectation that it will work.
Check the official upstream web page to see whether you have really performed all of the tasks. In general (not only on Fedora) there are three tasks: a) install the software, b) enable the option for non-root users to be allowed packet capturing and c) add the user to the wireshark group.
@jamesfreeman959, can you please start wireshark and click on the icon to start capturing traffic? It should output an error if something is wrong. Please post the error message, if any.
@jamesfreeman959 please also post the output of cat /etc/group | grep wireshark; this should display the users of the wireshark group. Make sure your current user (echo $USER) is defined in this group.
An alternative option is to capture data with a program like the tcpdump command and then analyze the data with Wireshark. If you want to go this route, then this even works on vanilla Bluefin (no need for a custom image). For example, start capturing network traffic on port 80 and save it to an output file with:

tcpdump -i any -n -nn -s0 -w file.pcap port 80

When you are done capturing, just press CTRL+C to stop capturing with the tcpdump program. Then open the file in Wireshark and analyze it.
Hi, I’m also having this issue. I made a custom Bluefin image with Wireshark on top of it. I made sure to add myself to the wireshark group. When I open Wireshark, this is what shows up. It clearly says I’m not allowed to capture network traffic. I logged out and back in and even rebooted. Do you know what else could be the issue?
@jamesfreeman959 @nicholas-stout You likely didn’t get added to the wireshark group actually. useradd fails silently for me. I’m having the same issue and I also reproduced it on Silverblue. There’s a bug for rpm-ostree about this: 2374225 – rpm-ostree incompatible with group permissions. Also, a workaround of manually copying the group into /etc/group is mentioned there, but it has to be undone before upgrades. I didn’t test that as I’d rather just run wireshark as root.
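
The group check and the /etc/group workaround discussed above, as an added example that is not part of the original thread: a small shell diagnostic that tells apart "user is a member", "group exists but user is not in it" and "group exists only in the image". It assumes the rpm-ostree convention that groups shipped in the image live in /usr/lib/group; the function names, the user alice and GID 960 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): why is a user missing from a group
# on an rpm-ostree based system? File paths are parameters so the logic
# can be run against constructed files as well as the real ones.

# Print the member list of GROUP as stored in FILE.
# Exit status is non-zero when FILE has no entry for GROUP.
group_members() {   # FILE GROUP
    awk -F: -v g="$2" '$1 == g { print $4; found = 1 }
                       END { exit !found }' "$1" 2>/dev/null
}

# Return 0 when USER is listed as a member of GROUP in FILE.
in_group_file() {   # FILE GROUP USER
    members=$(group_members "$1" "$2") || return 1
    case ",$members," in *",$3,"*) return 0 ;; *) return 1 ;; esac
}

# Echo one verdict:
#   member      USER is listed for GROUP in ETC_FILE
#   not-member  GROUP is in ETC_FILE but USER is not listed
#   lib-only    GROUP exists only in LIB_FILE (image-provided), so no
#               membership has been recorded in ETC_FILE
#   no-group    GROUP is defined in neither file
diagnose() {        # USER GROUP ETC_FILE LIB_FILE
    if in_group_file "$3" "$2" "$1"; then echo member
    elif group_members "$3" "$2" >/dev/null; then echo not-member
    elif group_members "$4" "$2" >/dev/null; then echo lib-only
    else echo no-group
    fi
}

# Constructed sample data, not taken from a real system: the wireshark
# group is present only in the image copy of the group database.
demo=$(mktemp -d)
printf 'wheel:x:10:alice\n'  > "$demo/etc_group"
printf 'wireshark:x:960:\n' > "$demo/lib_group"
echo "before workaround: $(diagnose alice wireshark "$demo/etc_group" "$demo/lib_group")"

# Workaround mentioned in the thread: copy the group line into /etc/group
# (here with the user appended). The thread notes it must be undone
# before upgrades.
grep '^wireshark:' "$demo/lib_group" | sed 's/$/alice/' >> "$demo/etc_group"
echo "after workaround:  $(diagnose alice wireshark "$demo/etc_group" "$demo/lib_group")"
rm -rf "$demo"

# On a real system: diagnose "$USER" wireshark /etc/group /usr/lib/group
```

A verdict of member only reflects the group files; a session started before the change still needs a fresh login to pick up the new group.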