Monday, July 28, 2014

Wireshark/tshark startup error popup.

Lua: Error during loading: 
dofile has been disabled

If you get this error when you start up wireshark, it means that you trying to run it with root privileges. It may be dangerous.

If you are using lua scripting with Tshark/Wireshark, then it is strongly recommended to change your system to be able to do capturing and analysis without root privileges. Tshark just protects you from running a script (with endless possibilities to mess up your system if programmed badly) with root privileges.

If not, you can just ignore this error message.

To make this error disappear permanently, you should patch this file on line 29:

'disable_lua = false' change it to 'disable_lua = true'
nano /usr/share/wireshark/init.lua

-- Set disable_lua to true to disable Lua support.
disable_lua = true

Someone asked me how to run wireshark without root, here's the solution:
sudo addgroup -system wireshark
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo usermod -a -G wireshark YOUR_USER_NAME

No comments:

Post a Comment