Wireshark GUI starts up, but no network interfaces are recognized. I see the following:
but I expect to see ethernet and looback devices.
Any help is appreciated.
ADDITIONAL:
Wireshark flatpak exits, but it does not support capturing network traffic and so is not really helpful for my case, I need network capturing and analyzing program.
The group will only exists when Wireshark in installed / overlayed on the system. If you go this route, then you can use Troubleshooting :: Fedora Docs to add yourself to it.
If you want to run it from a container, then you need to make sure that you retain the user and group in the container, which means that you likely have to run it as “root” inside a toolbox container.
I see when “root” user is required it is probably easier to install it rpm-ostree layer then using containers.
I did the following:
# Installed Wireshark in rpm-ostree layer
rpm-ostree install wireshark
# Rebooted to make affect.
systemctl reboot
# Add user to group as suggested by Timothée Ravier
grep -E '^wireshark:' /usr/lib/group | sudo tee -a /etc/group
sudo usermod -aG wireshark $USER
# Reboot to take user to group affect (maybe logoff is enough)
systemctl reboot
# Start program
wireshark
Now I see network traffic is visible to Wireshark and so problem solved.
Yesterday I tried to upgrade with: rpm-ostree upgrade
and error was returned:
error: While applying overrides for pkg wireshark-cli: Could not find group ‘wireshark’ in group file
I run “wireshark” and it successfully started and was working fine. But, I don’t know why “wireshark-cli” is a problem, looks like some CLI part of Wireshark.
Then I removed the “wireshark”: rpm-ostree uninstall wireshark
and installed it back following above instructions and then rpm-ostree upgrade
worked fine and also “wireshark” started successfully and working fine.
Today I have repeated the “rpm-ostree upgrade” command I have got the same error as yesterday.
I know I can uninstall “wireshark”, but I would like to avoid doing this over and over again every day.
Also… I have looked at the issue error is pointing out.
@siosm, yes it does look like some old issue. Is this an issue all users installing wireshark in rpm-ostree gets into or is this per user problem? Do you think this is an issue of rpm-ostree (or one of its components) or is RPM install package doing something extraordinary. If the later, then maybe upstream wireshark packager can be contacted.
@Alessio, using wireshark/flatpak (that do not support network capturing and only supports analysis of already captured file) and using ssh-remote-capture, it would require to install SSH server on my desktop, this is also little bit overhead. I mean installing SSH server to do the capture.
One by-pass solution I am looking at it is:
install tcpdump as rpm-ostree layer to capture network traffic
install wireshark/flatpak to do the network capture file analysis
This is little bit annoyance to need two tools to do the job of one.
I don’t have a great answer here. Ideally, the whireshark package would provide a polkit enabled DBus service that would let the Flatpak dynamically request the service to tcpdump an interface and forward the content to the unprivileged Flatpak.
As a workaround, running tcpdump from a privileged (root) toolbox and then analyzing the result in the Flatpak could do it as well.
I’ve never run sshdump but I found the following pages:
It looks to me SSH server is NOT installed by default on Fedora Silverblue.
I am not sure about this. Running sshdump from Wireshark and dialog is displayed with fields:
Remote SSH server address
Remote SSH server port
Remote SSH server username
Remote SSH server password
and more… It looks to me SSH server is required and additionally probably some TCP monitoring tool like tcpdump (which is probably already installed on most Linux servers, but not desktops).
I need Wireshark time to time on my desktop machine to take network capture of my desktop to remote server.
