In the latest yum update (today), the update recommends that etereal be eliminated in favor of wireshark. I hadn't heard of wireshark before, but a quick google allayed my fears - wireshark is a fork of the ethereal project, guided by ethereal's founder.

AAR, after install, wireshark doesn't seeem to work. Upon initiating a capture, I get the following error dialogs:
(-) Couldn't run /usr/bin/dumpcap in child process: No such file or directory [OK]
and
(-) Child capture process exited: exit status 2 [OK]

Firstly, I thought I'd alert the community to potential problems

Second, before I dig in, does anyone here already know how to solve this issue?

BTW, ethereal seemed to be working fine ono this machine before this update. Though bear in mind, I have not done a whole lot with it on this platform - I first installed CentOS two days ago.

That differs with program default location /usr/bin

As solution add link in /usr/bin to /usr/sbin/dumpcap

You may also report it as a bug and put bug number here for reference

More info - it looks like a permissions problem:

[jbreher@amitri ~]$ /usr/sbin/tshark
tshark: The capture session could not be initiated (socket: Operation not permitted).

Please check to make sure you have sufficient permissions, and that you have
the proper interface or pipe specified.
[jbreher@amitri ~]$ su -c '/usr/sbin/tshark'
Password:
Capturing on eth0
0.000000 LinksysG_xx:xx:xx -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32768/00:0c:41:xx:xx:xx Cost = 0 Port = 0x8001
...
(MAC obfuscated)

Looks like ethereal did not require root permissions, while wireshark does.

I note that the same update contained a new kernel as well. However, I had not rebooted the first time I tried to use wireshark, so I don't believe that is relevant.

You are right it requires root permitions (no need to do symlink of dumpcap).

Maybe rpm should be modified to require root permitions...

reported as bug# 0001459

http://bugs.centos.org/view.php?id=1459

Quote:

Is there a way to temoprarily assume the priveliges of root for GUI operations, analogous to the way 'su' operates on the command line? I find I can be productive with ethereal in ways that I am not with tethereal.

Quote:

See the page for #1459 (referenced above) for a temporary workaround. This is an error from the upstream provider. This workaround reenables the behaviour of ethereal.

Cheers,

Ralph

Ralph -
I can confirm that the workaround listed in the bug report, which consists of replacing /etc/pam.d/wireshark, does indeed fix the problem.