Wireshark-users: Re: [Wireshark-users] dumpcap/tshark permissions on created pcap files
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 17 May 2018 10:02:25 +0200
But what you should do is adapt the way you capture. 

As the opening screen of Wireshark says:
“Are you a member of the ‘wireshark' group? Try running
‘usermod -a -G wireshark _your_username_’ as root”.
Then logout and login again.

From now on you can capture as you (not root), and the capture files will be created under your username.
With your users umask (0002) your files should be:
1) Owned by you
2) Accessible to others

Good luck.

On 17 May 2018, at 07:48, luke devon via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:

Hi Guy , 

Yes, It works. Thank you so much for the help. 

Br
Luke.

On Thursday, 17 May 2018, 1:26:43 PM GMT+8, Guy Harris <guy@xxxxxxxxxxxx> wrote:


On May 16, 2018, at 7:51 PM, luke devon via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:

> How can I fix this ?

Run

    chmod o+r Test_00003_20180517095317.pcap

as root to give "other" read permission on the file.


> what is the root cause for it ?


You ran dumpcap as root (or you ran tshark as root, and *it* ran dumpcap, so dumpcap also ran as root), so the file it creates is owned by root, group root, and root probably has a umask of 0026 or 0027, so, by default, files are created with group write permission, and *all* other permissions, turned off.