Actually it looks like it is an enumeration problem stopping wireshark getting the interfaces.
tcpdump -D shows:
root@neil-laptop:/var/log# tcpdump -D 1.eth0 2.wmaster0 3.wlan0 4.any (Pseudo-device that captures on all interfaces) 5.lo
tcpdump -i usb3 shows:
root@neil-laptop:/var/log# tcpdump -i usb3 tcpdump: Can't open USB bus file /sys/kernel/debug/usbmon/3t: Permission denied
with kern.log showing:
Apr 5 13:47:30 neil-laptop kernel: [ 3407.917155] type=1503 audit(1238935650.458:20): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0 name="/dev/usbmon3" pid=5687 profile="/usr/sbin/tcpdump" Apr 5 13:47:30 neil-laptop kernel: [ 3407.917194] type=1503 audit(1238935650.458:21): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0 name="/sys/kernel/debug/usbmon/3t" pid=5687 profile="/usr/sbin/tcpdump"
So it looks like the facility is there - just not exposed in the user interface, nor allowed by the audit module.
Actually it looks like it is an enumeration problem stopping wireshark getting the interfaces.
tcpdump -D shows:
root@neil- laptop: /var/log# tcpdump -D
1.eth0
2.wmaster0
3.wlan0
4.any (Pseudo-device that captures on all interfaces)
5.lo
tcpdump -i usb3 shows:
root@neil- laptop: /var/log# tcpdump -i usb3 debug/usbmon/ 3t: Permission denied
tcpdump: Can't open USB bus file /sys/kernel/
with kern.log showing:
Apr 5 13:47:30 neil-laptop kernel: [ 3407.917155] type=1503 audit(123893565 0.458:20) : operation= "inode_ permission" requested_ mask="r: :" denied_mask="r::" fsuid=0 name="/dev/usbmon3" pid=5687 profile= "/usr/sbin/ tcpdump" 0.458:21) : operation= "inode_ permission" requested_ mask="r: :" denied_mask="r::" fsuid=0 name="/ sys/kernel/ debug/usbmon/ 3t" pid=5687 profile= "/usr/sbin/ tcpdump"
Apr 5 13:47:30 neil-laptop kernel: [ 3407.917194] type=1503 audit(123893565
So it looks like the facility is there - just not exposed in the user interface, nor allowed by the audit module.