Home page logo

wireshark logo Wireshark mailing list archives

Re: DUMPCAP -g (Set ring buffer file group permissions)
From: John Powell <jrp999 () gmail com>
Date: Tue, 11 Dec 2012 13:24:56 -0600

Hi Jeff,

I must be missing something.

I set dumpcap permissions to:

# ls -l /usr/local/bin/dumpcap
-rwxr-xr-- 1 root wireshark 230157 Dec 11 10:40 /usr/local/bin/dumpcap

and the dumpcap command is:

root             /usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp
and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g wireshark -b
filesize:250000 -b duration:900 -w /var/opt/data/captures.cap

I also tried

root                        /usr/local/bin/dumpcap -B 16 -i 2 -f vlan and
(not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g -b
filesize:250000 -b duration:900 -w /var/opt/data/captures.cap

but the ring buffer files still end up "root root".

]# ls /var/opt/data/captures/*  -l
-rw-r-----  1 root root      111542192 Dec 11 13:19 /var/


Any guidance will be appreciated!



On Tue, Dec 11, 2012 at 1:11 PM, John Powell <jrp999 () gmail com> wrote:

Hi Jeff,

After you said that I did DUMPCAP -h and behold there it was!!

Thanks so much for all of the work you do on this project!!


On Tue, Dec 11, 2012 at 12:59 PM, Jeff Morriss <jeff.morriss.ws () gmail com>wrote:

John Powell wrote:


I need to set the group permissions for files created by DumpCap.

In this post I see the option " -g " is supposed to exist (

/> > The file permissions are hardcoded in the source code. I have added
/> > the option '-g' to dumpcap to enable group read access as this can /
/> > indeed be handy when (automatically) capturing to a ringbuffer. /
/> > /
/> > To be able to use this feature, you will have to use an automated /
/> > build[1] with a number higher than 33978 (available in a couple of /
/> > hours) or wait for the next 1.5.x development release. /
/> > /
/> > Cheers, /
/> > /
/> > /
/> > Sake /

Can someone please point me to how I can get a version that to have
access to this option?

You'd need Wireshark 1.6.0 or later.  The current version (1.8.4) would
be your best bet.

BTW I noticed that this option is not listed in dumpcap's man page; I'll
correct that shortly.
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/**lists/wireshark-dev<http://www.wireshark.org/lists/wireshark-dev>
            mailto:wireshark-dev-request () **wireshark org<wireshark-dev-request () wireshark org>

Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]