# wireshark command not found

## queen

I have installed wireshark 

```
[I] net-analyzer/wireshark
     Available versions:  0.99.7 ~0.99.7-r1 {adns gtk ipv6 kerberos portaudio selinux snmp ssl threads}
     Installed versions:  0.99.7(18:13:04 01/26/08)(ipv6 ssl -adns -gtk -kerberos -portaudio -selinux -snmp -threads)
     Homepage:            http://www.wireshark.org/
     Description:         A network protocol analyzer formerly known as ethereal
```

and yet, when I try to open it from command line I get 

```
# wireshark
bash: wireshark: command not found
```

Does anyone have an idea what's going on? It's a new install on a laptop.

----------

## Old School

Are you trying to open it as user or root?

----------

## queen

 *old school wrote:*   

> Are you trying to open it as user or root?

 

as root.

Now I see it's a more general problem. I tried as root to open thunderbird and I get the same error: command not found. I ran `hash -r` but it doesn't help.

----------

## Hu

What is the output of `echo $PATH ; equery files wireshark ; find /usr/bin \( -name wireshark -o -name thunderbird \) -ls ; ls -l -d /{,usr/{,/bin}}`?

Perhaps more importantly, why are you running Wireshark as root?  The ebuild specifically says NOT to do that.

----------

## queen

 *Hu wrote:*   

> What is the output of echo $PATH ; equery files wireshark ; find /usr/bin \( -name wireshark -o -name thunderbird \) -ls ; ls -l -d /{,usr/{,/bin}}?
> 
> Perhaps more importantly, why are you running Wireshark as root?  The ebuild specifically says NOT to do that.

 

I happened to be as root and tried to run it. Usually I don't run it as root. 

I tried to run now as user and I get the same error. Thunderbird I managed to launch as normal user. Here is the output of your command. 

```
/sbin:/bin:/usr/sbin:/usr/bin
[ Searching for packages matching wireshark... ]
* Contents of net-analyzer/wireshark-0.99.7:
/usr
/usr/bin
/usr/bin/capinfos
/usr/bin/dftest
/usr/bin/dumpcap
/usr/bin/editcap
/usr/bin/idl2wrs
/usr/bin/mergecap
/usr/bin/randpkt
/usr/bin/text2pcap
/usr/bin/tshark
/usr/include
/usr/include/wiretap
/usr/include/wiretap/wtap.h
/usr/lib
/usr/lib/libwireshark.la
/usr/lib/libwireshark.so -> libwireshark.so.0.0.1
/usr/lib/libwireshark.so.0 -> libwireshark.so.0.0.1
/usr/lib/libwireshark.so.0.0.1
/usr/lib/libwiretap.la
/usr/lib/libwiretap.so -> libwiretap.so.0.0.1
/usr/lib/libwiretap.so.0 -> libwiretap.so.0.0.1
/usr/lib/libwiretap.so.0.0.1
/usr/lib/wireshark
/usr/lib/wireshark/plugins
/usr/lib/wireshark/plugins/0.99.7
/usr/lib/wireshark/plugins/0.99.7/agentx.la
/usr/lib/wireshark/plugins/0.99.7/agentx.so
/usr/lib/wireshark/plugins/0.99.7/artnet.la
/usr/lib/wireshark/plugins/0.99.7/artnet.so
/usr/lib/wireshark/plugins/0.99.7/asn1.la
/usr/lib/wireshark/plugins/0.99.7/asn1.so
/usr/lib/wireshark/plugins/0.99.7/ciscosm.la
/usr/lib/wireshark/plugins/0.99.7/ciscosm.so
/usr/lib/wireshark/plugins/0.99.7/coseventcomm.la
/usr/lib/wireshark/plugins/0.99.7/coseventcomm.so
/usr/lib/wireshark/plugins/0.99.7/cosnaming.la
/usr/lib/wireshark/plugins/0.99.7/cosnaming.so
/usr/lib/wireshark/plugins/0.99.7/docsis.la
/usr/lib/wireshark/plugins/0.99.7/docsis.so
/usr/lib/wireshark/plugins/0.99.7/enttec.la
/usr/lib/wireshark/plugins/0.99.7/enttec.so
/usr/lib/wireshark/plugins/0.99.7/ethercat.la
/usr/lib/wireshark/plugins/0.99.7/ethercat.so
/usr/lib/wireshark/plugins/0.99.7/gryphon.la
/usr/lib/wireshark/plugins/0.99.7/gryphon.so
/usr/lib/wireshark/plugins/0.99.7/irda.la
/usr/lib/wireshark/plugins/0.99.7/irda.so
/usr/lib/wireshark/plugins/0.99.7/lwres.la
/usr/lib/wireshark/plugins/0.99.7/lwres.so
/usr/lib/wireshark/plugins/0.99.7/m2m.la
/usr/lib/wireshark/plugins/0.99.7/m2m.so
/usr/lib/wireshark/plugins/0.99.7/mate.la
/usr/lib/wireshark/plugins/0.99.7/mate.so
/usr/lib/wireshark/plugins/0.99.7/opcua.la
/usr/lib/wireshark/plugins/0.99.7/opcua.so
/usr/lib/wireshark/plugins/0.99.7/opsi.la
/usr/lib/wireshark/plugins/0.99.7/opsi.so
/usr/lib/wireshark/plugins/0.99.7/parlay.la
/usr/lib/wireshark/plugins/0.99.7/parlay.so
/usr/lib/wireshark/plugins/0.99.7/pcli.la
/usr/lib/wireshark/plugins/0.99.7/pcli.so
/usr/lib/wireshark/plugins/0.99.7/profinet.la
/usr/lib/wireshark/plugins/0.99.7/profinet.so
/usr/lib/wireshark/plugins/0.99.7/rlm.la
/usr/lib/wireshark/plugins/0.99.7/rlm.so
/usr/lib/wireshark/plugins/0.99.7/rtnet.la
/usr/lib/wireshark/plugins/0.99.7/rtnet.so
/usr/lib/wireshark/plugins/0.99.7/rudp.la
/usr/lib/wireshark/plugins/0.99.7/rudp.so
/usr/lib/wireshark/plugins/0.99.7/sbus.la
/usr/lib/wireshark/plugins/0.99.7/sbus.so
/usr/lib/wireshark/plugins/0.99.7/stats_tree.la
/usr/lib/wireshark/plugins/0.99.7/stats_tree.so
/usr/lib/wireshark/plugins/0.99.7/tango.la
/usr/lib/wireshark/plugins/0.99.7/tango.so
/usr/lib/wireshark/plugins/0.99.7/unistim.la
/usr/lib/wireshark/plugins/0.99.7/unistim.so
/usr/lib/wireshark/plugins/0.99.7/v5ua.la
/usr/lib/wireshark/plugins/0.99.7/v5ua.so
/usr/lib/wireshark/plugins/0.99.7/wimax.la
/usr/lib/wireshark/plugins/0.99.7/wimax.so
/usr/lib/wireshark/plugins/0.99.7/wimaxasncp.la
/usr/lib/wireshark/plugins/0.99.7/wimaxasncp.so
/usr/share
/usr/share/doc
/usr/share/doc/wireshark-0.99.7
/usr/share/doc/wireshark-0.99.7/AUTHORS.bz2
/usr/share/doc/wireshark-0.99.7/ChangeLog.bz2
/usr/share/doc/wireshark-0.99.7/NEWS.bz2
/usr/share/doc/wireshark-0.99.7/README.aix.bz2
/usr/share/doc/wireshark-0.99.7/README.bsd.bz2
/usr/share/doc/wireshark-0.99.7/README.bz2
/usr/share/doc/wireshark-0.99.7/README.hpux.bz2
/usr/share/doc/wireshark-0.99.7/README.irix.bz2
/usr/share/doc/wireshark-0.99.7/README.linux.bz2
/usr/share/doc/wireshark-0.99.7/README.macos.bz2
/usr/share/doc/wireshark-0.99.7/README.tru64.bz2
/usr/share/doc/wireshark-0.99.7/README.vmware.bz2
/usr/share/doc/wireshark-0.99.7/README.win32.bz2
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/capinfos.1.bz2
/usr/share/man/man1/dumpcap.1.bz2
/usr/share/man/man1/editcap.1.bz2
/usr/share/man/man1/idl2wrs.1.bz2
/usr/share/man/man1/mergecap.1.bz2
/usr/share/man/man1/text2pcap.1.bz2
/usr/share/man/man1/tshark.1.bz2
/usr/share/man/man4
/usr/share/man/man4/wireshark-filter.4.bz2
/usr/share/wireshark
/usr/share/wireshark/AUTHORS-SHORT
/usr/share/wireshark/COPYING
/usr/share/wireshark/capinfos.html
/usr/share/wireshark/cfilters
/usr/share/wireshark/colorfilters
/usr/share/wireshark/dfilters
/usr/share/wireshark/diameter
/usr/share/wireshark/diameter/Ericsson.xml
/usr/share/wireshark/diameter/TGPPSh.xml
/usr/share/wireshark/diameter/chargecontrol.xml
/usr/share/wireshark/diameter/dictionary.dtd
/usr/share/wireshark/diameter/dictionary.xml
/usr/share/wireshark/diameter/etsie2e4.xml
/usr/share/wireshark/diameter/gqpolicy.xml
/usr/share/wireshark/diameter/imscxdx.xml
/usr/share/wireshark/diameter/mobileipv4.xml
/usr/share/wireshark/diameter/nasreq.xml
/usr/share/wireshark/diameter/sip.xml
/usr/share/wireshark/diameter/sunping.xml
/usr/share/wireshark/dtds
/usr/share/wireshark/dtds/dc.dtd
/usr/share/wireshark/dtds/itunes.dtd
/usr/share/wireshark/dtds/mscml.dtd
/usr/share/wireshark/dtds/pocsettings.dtd
/usr/share/wireshark/dtds/presence.dtd
/usr/share/wireshark/dtds/reginfo.dtd
/usr/share/wireshark/dtds/rlmi.dtd
/usr/share/wireshark/dtds/rss.dtd
/usr/share/wireshark/dtds/smil.dtd
/usr/share/wireshark/dtds/watcherinfo.dtd
/usr/share/wireshark/dtds/xcap-caps.dtd
/usr/share/wireshark/dtds/xcap-error.dtd
/usr/share/wireshark/dumpcap.html
/usr/share/wireshark/editcap.html
/usr/share/wireshark/help
/usr/share/wireshark/help/capture_filters.txt
/usr/share/wireshark/help/capturing.txt
/usr/share/wireshark/help/display_filters.txt
/usr/share/wireshark/help/faq.txt
/usr/share/wireshark/help/getting_started.txt
/usr/share/wireshark/help/overview.txt
/usr/share/wireshark/help/toc
/usr/share/wireshark/idl2wrs.html
/usr/share/wireshark/manuf
/usr/share/wireshark/mergecap.html
/usr/share/wireshark/radius
/usr/share/wireshark/radius/dictionary
/usr/share/wireshark/radius/dictionary.3com
/usr/share/wireshark/radius/dictionary.3gpp
/usr/share/wireshark/radius/dictionary.3gpp2
/usr/share/wireshark/radius/dictionary.acc
/usr/share/wireshark/radius/dictionary.alcatel
/usr/share/wireshark/radius/dictionary.alteon
/usr/share/wireshark/radius/dictionary.altiga
/usr/share/wireshark/radius/dictionary.aptis
/usr/share/wireshark/radius/dictionary.ascend
/usr/share/wireshark/radius/dictionary.bay
/usr/share/wireshark/radius/dictionary.bintec
/usr/share/wireshark/radius/dictionary.bristol
/usr/share/wireshark/radius/dictionary.cablelabs
/usr/share/wireshark/radius/dictionary.cabletron
/usr/share/wireshark/radius/dictionary.cisco
/usr/share/wireshark/radius/dictionary.cisco.bbsm
/usr/share/wireshark/radius/dictionary.cisco.vpn3000
/usr/share/wireshark/radius/dictionary.cisco.vpn5000
/usr/share/wireshark/radius/dictionary.colubris
/usr/share/wireshark/radius/dictionary.columbia_university
/usr/share/wireshark/radius/dictionary.compat
/usr/share/wireshark/radius/dictionary.cosine
/usr/share/wireshark/radius/dictionary.ericsson
/usr/share/wireshark/radius/dictionary.erx
/usr/share/wireshark/radius/dictionary.extreme
/usr/share/wireshark/radius/dictionary.foundry
/usr/share/wireshark/radius/dictionary.freeradius
/usr/share/wireshark/radius/dictionary.gandalf
/usr/share/wireshark/radius/dictionary.garderos
/usr/share/wireshark/radius/dictionary.gemtek
/usr/share/wireshark/radius/dictionary.itk
/usr/share/wireshark/radius/dictionary.juniper
/usr/share/wireshark/radius/dictionary.karlnet
/usr/share/wireshark/radius/dictionary.livingston
/usr/share/wireshark/radius/dictionary.localweb
/usr/share/wireshark/radius/dictionary.merit
/usr/share/wireshark/radius/dictionary.microsoft
/usr/share/wireshark/radius/dictionary.mikrotik
/usr/share/wireshark/radius/dictionary.navini
/usr/share/wireshark/radius/dictionary.netscreen
/usr/share/wireshark/radius/dictionary.nokia
/usr/share/wireshark/radius/dictionary.nomadix
/usr/share/wireshark/radius/dictionary.propel
/usr/share/wireshark/radius/dictionary.quintum
/usr/share/wireshark/radius/dictionary.redback
/usr/share/wireshark/radius/dictionary.redcreek
/usr/share/wireshark/radius/dictionary.shasta
/usr/share/wireshark/radius/dictionary.shiva
/usr/share/wireshark/radius/dictionary.sonicwall
/usr/share/wireshark/radius/dictionary.springtide
/usr/share/wireshark/radius/dictionary.t_systems_nova
/usr/share/wireshark/radius/dictionary.telebit
/usr/share/wireshark/radius/dictionary.trapeze
/usr/share/wireshark/radius/dictionary.tunnel
/usr/share/wireshark/radius/dictionary.unisphere
/usr/share/wireshark/radius/dictionary.unix
/usr/share/wireshark/radius/dictionary.usr
/usr/share/wireshark/radius/dictionary.valemount
/usr/share/wireshark/radius/dictionary.versanet
/usr/share/wireshark/radius/dictionary.wispr
/usr/share/wireshark/radius/dictionary.xedia
/usr/share/wireshark/services
/usr/share/wireshark/smi_modules
/usr/share/wireshark/text2pcap.html
/usr/share/wireshark/tpncp
/usr/share/wireshark/tpncp/tpncp.dat
/usr/share/wireshark/tshark.html
/usr/share/wireshark/wimaxasncp
/usr/share/wireshark/wimaxasncp/dictionary.dtd
/usr/share/wireshark/wimaxasncp/dictionary.xml
/usr/share/wireshark/wireshark-filter.html
/usr/share/wireshark/wireshark.html
696088    4 -rwxr-xr-x   1 root     root          391 Jan 19 10:16 /usr/bin/thunderbird
drwxr-xr-x 19 root root   536 Apr 20  2007 /
drwxr-xr-x 15 root root   480 Jan 26 15:50 /usr/
drwxr-xr-x  2 root root 26464 Jan 26 18:43 /usr//bin
```

PS: I tried now gmplayer and get command not found as well.

----------

## wjb

 *queen wrote:*   

> I have installed wireshark
> ...

 

You only get wireshark (the GUI part) if the gtk use flag is set - add a line to package.use for wireshark.

Also remember your user needs to be added to the wireshark group or wireshark won't run.

----------

## queen

 *wjb wrote:*   

> *queen wrote:* I have installed wireshark
> ...

 

OK, will add gtk. I have wireshark on another laptop and I don't have a group called wireshark.

----------

## wjb

Maybe that's an older version; the ebuild log says:

```
WARN: postinst
With version 0.99.7, all function calls that require elevated privileges
have been moved out of the GUI to dumpcap. WIRESHARK CONTAINS OVER ONE
POINT FIVE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
NOTE: To run wireshark as normal user you have to add yourself into
wireshark group. This security measure ensures that only trusted
users allowed to sniff your traffic.
```

The build creates the wireshark group, but does not add any users to it.

----------

## Hu

No, you do not need to be in the wireshark group to run Wireshark.  You only need to be in the wireshark group to capture live traffic using Wireshark.  If you only want to use Wireshark to read a saved packet capture file, you can run it without being in the wireshark group.

----------

## queen

 *Hu wrote:*   

> No, you do not need to be in the wireshark group to run Wireshark.  You only need to be in the wireshark group to capture live traffic using Wireshark.  If you only want to use Wireshark to read a saved packet capture file, you can run it without being in the wireshark group.

 

I installed the newest version available. No such group was created. Moreover, on my old laptop (on which I installed wireshark about a year ago), no such group was created either. Is the group supposed to be created in /etc/group?

----------

## Hu

In the ebuilds =net-analyzer/wireshark-0.99.7, =net-analyzer/wireshark-0.99.7-r1, and =net-analyzer/wireshark-0.99.7-r2, pkg_setup() calls enewgroup to add the wireshark group.  If you do not have a wireshark group in /etc/group, you should investigate the build log to determine why.  It may be necessary to rerun the emerge to obtain the log if you do not save emerge logs.
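The three situations discussed in this thread (no `wireshark` group at all, group present but user not in it, user in the group) can be told apart from an `/etc/group`-format file. This is an added example, not part of the original thread or of the ebuild; the function names, the users `alice` and `bob`, and GID 407 are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a user's live-capture access from a group file.
# capture_access USER GROUP GROUPFILE [PRIMARY_GID]
#   prints: no-group | not-member | member
capture_access() {
    awk -F: -v u="$1" -v g="$2" -v pg="${4:-}" '
        $1 == g {
            found = 1
            # The group may be the primary group of the user (GID match) ...
            if (pg != "" && $3 == pg) member = 1
            # ... or list the user as a supplementary member in field 4.
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) member = 1
        }
        END {
            if (!found)      print "no-group"
            else if (member) print "member"
            else             print "not-member"
        }' "$3"
}

# Map each state to what the thread says it means.
explain() {
    case $1 in
        no-group)   echo "group missing: check the emerge build log" ;;
        not-member) echo "saved capture files only; no live capture" ;;
        member)     echo "live capture as a normal user, no root needed" ;;
    esac
}

# Constructed sample data (not from the thread): alice is a member, bob is not.
sample=$(mktemp)
printf '%s\n' 'root:x:0:root' 'wheel:x:10:root,alice' \
              'wireshark:x:407:alice' > "$sample"
for u in alice bob; do
    state=$(capture_access "$u" wireshark "$sample")
    printf '%s: %s (%s)\n' "$u" "$state" "$(explain "$state")"
done
rm -f "$sample"
```

On a real system, pass `/etc/group` and the output of `id -g USER` as the last two arguments; a newly added membership only applies to sessions started after the change.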

----------

## wjb

I found that if I wasn't in the wireshark group, selecting certain menu options would crash wireshark - it probably is just the capture-related ones, but it is truly irritating to have the whole app disappear just because you clicked the 'wrong' thing.

----------

## Hu

That is a known bug in =net-analyzer/wireshark-0.99.7 and it is fixed in =net-analyzer/wireshark-0.99.7-r1 and above.

----------

## queen

 *Hu wrote:*   

> That is a known bug in =net-analyzer/wireshark-0.99.7 and it is fixed in =net-analyzer/wireshark-0.99.7-r1 and above.

 

I don't see 0.99.7 in portage. Only 0.99.6 and 0.99.6-r1.

Is it a typo?

----------

## Hu

No, it is not a mistake.  I do not see 0.99.6 in Portage.  It was removed due to security vulnerabilities.  Have you synchronized your Portage tree recently?

----------

## queen

 *Hu wrote:*   

> No, it is not a mistake.  I do not see 0.99.6 in Portage.  It was removed due to security vulnerabilities.  Have you synchronized your Portage tree recently?

 

Yes, I synced. Maybe the mirror I use isn't so updated. 

On 2nd pc I see now that indeed there is 0.99.7 ~0.99.7-r1.

----------

## weisso5

To answer queen's original question, you are looking for:

/usr/bin/tshark

man tshark:

```
TSHARK(1)               The Wireshark Network Analyzer               TSHARK(1)

NAME
       tshark - Dump and analyze network traffic

SYNOPSYS
       tshark [ -a <capture autostop condition> ] ...  [ -b <cap-
       ture ring buffer option>] ...  [ -B <cap-
       ture buffer size (Win32 only)> ]  [ -c <capture packet count> ]
       [ -d <layer type>==<selector>,<decode-as protocol> ] [ -D ]
       [ -e <field> ] [ -E <field print option> ] [ -f <capture filter> ]
       [ -F <file format> ] [ -h ] [ -i <capture interface>|- ] [ -l ] [ -L ]
       [ -n ] [ -N <name resolving flags> ] [ -o <preference setting> ] ...
       [ -p ] [ -q ] [ -r <infile> ] [ -R <read (display) filter> ] [ -s <cap-
       ture snaplen> ] [ -S ] [ -t ad|a|r|d|e ]
       [ -T pdml|psml|ps|text|fields ] [ -v ] [ -V ] [ -w <outfile>|- ] [ -x ]
       [ -X <eXtension option>] [ -y <capture link type> ] [ -z <statistics> ]
       [ <capture filter> ]
```

More description on the man page.

-weisso

----------

## guinness.stout

I am having this same issue.  I just emerged 1.0 and I have no GUI, even when I did USE=gtk emerge wireshark.  Nothing in my K menu either.  Ideas?

----------

## Erulabs

guinness.stout:

Please don't ever do a "USE="blah" emerge -av sinful-use-flags".

Just go the simple road and add "gtk" to /etc/make.conf and reemerge wireshark.

You can also try:

```
whereis wireshark
```

----------

## Hu

 *guinness.stout wrote:*   

> I am having this same issue.  I just emerged 1.0 and I have no GUI, even when i did USE=gtk emerge wireshark.  Nothing in my K menu either.  Ideas?

 

Please post the output of emerge --info ; emerge --pretend --verbose net-analyzer/wireshark.

----------

## guinness.stout

 *Erulabs wrote:*   

> guinness.stout:
> 
> Please don't ever do a "USE="blah" emerge -av sinful-use-flags".
> 
> Just go the simple road and add "gtk" to /etc/make.conf and reemerge wireshark.
> ...

 

Why would you not use that?  I've emerged several packages that require USE statements I don't want in make.conf permanently.  I sure don't feel like checking make.conf for conflicting use statements each time I emerge -uD world.

I ran `emerge -C wireshark` and `USE="gtk" emerge wireshark` and finally got the GUI.  Couldn't tell you what caused my initial problem.

----------

## Hu

 *guinness.stout wrote:*   

>  *Erulabs wrote:*   guinness.stout:
> 
> Please don't ever do a "USE="blah" emerge -av sinful-use-flags".
> 
> Just go the simple road and add "gtk" to /etc/make.conf and reemerge wireshark.
> ...

 

As mentioned in the Gentoo handbook, placing a USE value on the command line means that it applies only for this run.  If you use the environment variable to control the build, then those changes will be lost when you rebuild that package in your next emerge -uD world.  You should use /etc/portage/package.use to set per-package USE flags if you have a flag that you want to apply only to some packages.

----------

