Question

I am using a Linux PC and have installed tshark. I have to capture packets on the eth1 interface using a Tcl script, but tshark is running in root mode. The capturing PC and the PC running the script are the same. How do I log in as root, and how do I run tshark commands using Tcl? Please provide me a solution for this.

#!/usr/bin/tclsh 

set out [exec tshark -V -i eth1 arp -c 1 ]

puts $out

Output

test@test:~$ tclsh pcap.tcl 
Capturing on eth1
tshark: The capture session could not be initiated (eth1: You don't have permission to capture on that device (socket: Operation not permitted)).
Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
0 packets captured
    while executing
"exec tshark -V -i eth1 arp -c 1 "
    invoked from within
"set out [exec tshark -V -i eth1 arp -c 1 ]"
    (file "pcap.tcl" line 5)
test@test:~$ 

Solution

Please try the steps below, and also refer to this link: http://packetlife.net/blog/2010/mar/19/sniffing-wireshark-non-root-user/

root@test:/usr/bin# setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
root@test:/usr/bin# getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
root@test:/usr/bin# exit
exit
test@test:/usr/bin$ tshark -V -i eth1
Capturing on eth1
Frame 1 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Aug  8, 2013 13:54:27.481528000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
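
A check that can follow the setcap step above, added here as an example and not part of the original answer: it parses a line of getcap output (both the older `= ...+eip` style shown above and the newer `...=eip` style) and confirms that dumpcap holds exactly the two capabilities granted and nothing broader. The function names and sample lines are constructed for illustration, and the mode check assumes the octal output of GNU `stat -c %a`.

```shell
#!/bin/sh
# Added example: audit what `getcap` reports for dumpcap against the two
# capabilities granted in the answer (cap_net_raw, cap_net_admin with =eip).
WANT="cap_net_admin,cap_net_raw"

# Normalise one getcap line to "<sorted caps> <flags>". Accepts both styles:
#   older libcap: /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
#   newer libcap: /usr/bin/dumpcap cap_net_raw,cap_net_admin=eip
# Assumes a single capability clause and no spaces in the path.
parse_caps() {
    spec=${1#* }                 # strip the path
    spec=${spec#= }              # strip the "= " of the older style
    case $spec in
        *[+=]*) ;;
        *) return 1 ;;           # empty or no clause: nothing granted
    esac
    caps=$(printf '%s\n' "${spec%[+=]*}" | tr ',' '\n' | sort | paste -sd, -)
    printf '%s %s\n' "$caps" "${spec##*[+=]}"
}

# Print a verdict for one getcap line: ok | none | unexpected:<caps flags>
audit_dumpcap() {
    parsed=$(parse_caps "$1") || { echo none; return 1; }
    if [ "$parsed" = "$WANT eip" ]; then
        echo ok
    else
        echo "unexpected:$parsed"; return 2
    fi
}

# True if "other" users may execute a file with octal mode $1. Once dumpcap
# carries capabilities, everyone who can execute it can capture traffic.
other_can_exec() {
    [ $(( ${1#"${1%?}"} & 1 )) -eq 1 ]
}

# Constructed sample lines (not captured from a real host).
for l in '/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip' \
         '/usr/bin/dumpcap cap_net_raw,cap_net_admin=eip' \
         '/usr/bin/dumpcap cap_dac_override,cap_net_admin,cap_net_raw=eip' ''; do
    printf '%-12s <- %s\n' "$(audit_dumpcap "$l")" "$l"
done
# On a real host: audit_dumpcap "$(getcap /usr/bin/dumpcap)"
#                 other_can_exec "$(stat -c %a /usr/bin/dumpcap)" && echo "world-executable"
```

If `other_can_exec` reports true, restricting dumpcap to a dedicated group (mode 750) limits capture to members of that group.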

OTHER TIPS

You have to either elevate the privileges of your tshark process via sudo (or any other available means) or run your whole script with elevated privileges.

One way to do that, which might be simpler than sudo as it would require zero customizations, is to write a super-simple C program which would just run /usr/bin/tshark with the necessary arguments, and then make that program setuid root and distribute it along with your Tcl program. That is only needed if you need portability. Otherwise sudo is much simpler.

Licensed under: CC-BY-SA with attribution