Wireshark · Wireshark-users: Re: [Wireshark-users] [Wiresharkusers] Re: Unable to get tshark to capture packets when running as u

Wireshark-users: Re: [Wireshark-users] [Wiresharkusers] Re: Unable to get tshark to capture packe

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 18 May 2010 16:04:35 -0700

On May 18, 2010, at 3:25 PM, Fisher, AJ wrote:

> The output is the same for both "tshark -p" and "tshark" on the HP-UX 11.31 box...

*Almost* the same:

> $ tshark -p
> 
	...

> tshark: ... promisc_sap ...
> 
> $ tshark

	...

> tshark: ... promisc_phys: ...

"-p" isn't trying to set the physical network adapter into promiscuous mode - "-p" disables that - but it's still putting the network stack above that device into a mode where that particular descriptor gets all packet types ("SAP promiscuity", for Service Access Point).

In either case, it appears that, at least on HP-UX 11.31, you have to be root, so it appears root privilege is needed to capture traffic; if there's a dumpcap on your HP-UX machine, try making it set-UID root.

References:
- Re: [Wireshark-users] [Wiresharkusers] Re: Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31
  - From: Fisher, AJ

Prev by Date: Re: [Wireshark-users] [Wiresharkusers] Re: Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31
Next by Date: [Wireshark-users] One-way conversations
Previous by thread: Re: [Wireshark-users] [Wiresharkusers] Re: Unable to get tshark to capture packets when running as user on RHEL 4.6, HP-UX 11.31
Next by thread: [Wireshark-users] One-way conversations
Index(es):
- Date
- Thread