Running Wireshark As A Regular User

by AndrzejL

Wireshark is a network packet sniffer. When opening it as a regular user, I had no capturing interfaces to use as a source for sniffing. I don’t feel comfortable running Wireshark as root. Nothing should be run with root privileges unless there is absolutely no other option. So I have decided to mess around with Wireshark and to enable the packet capturing for a non-root user. After a bit of searching online I was able to do so.

Here is how.

I assume that you have PCLinuxOS installed / fully upgraded and that you have installed Wireshark.

Run these commands to give a non-root user access to Wireshark's capture interfaces:

su

give it the root password

apt-get --yes install libpcap libcap-utils

give it some time to finish.

groupadd wireshark

usermod -a -G wireshark andrzejl

you need to change andrzejl to your login.

chgrp wireshark /usr/bin/dumpcap

chmod 750 /usr/bin/dumpcap

chmod o+x /usr/bin/dumpcap

setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

getcap /usr/bin/dumpcap

after that you can run:

exit

wireshark

This will start Wireshark from your user account. You should now have access to the capturing interfaces.
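
To confirm the result of the steps above, the following check (an added example, not part of the original article) audits dumpcap's group, mode and capabilities. The function names are hypothetical, and it assumes that only members of the wireshark group should be able to capture, so execute permission for other users counts as a finding.

```sh
#!/bin/sh
# Added example (not from the original article): audit dumpcap after the steps above.
# Assumption: only members of the "wireshark" group should be able to capture.

# check_dumpcap MODE GROUP CAPS
#   MODE  octal mode as printed by: stat -c %a FILE
#   GROUP owning group as printed by: stat -c %G FILE
#   CAPS  the line printed by: getcap FILE
# Prints one line per finding; the return status is the number of findings.
check_dumpcap() {
    mode=$1 group=$2 caps=$3
    findings=0

    if [ "$group" != "wireshark" ]; then
        echo "group is '$group', expected 'wireshark'"
        findings=$((findings + 1))
    fi

    # The last octal digit holds the bits for "other"; an odd digit means execute.
    other=${mode#"${mode%?}"}
    case "$other" in
        1|3|5|7)
            echo "mode $mode lets users outside the group execute dumpcap"
            findings=$((findings + 1)) ;;
    esac

    # Substring match covers both getcap output styles ("= caps+eip" and "caps=eip").
    for cap in cap_net_raw cap_net_admin; do
        case "$caps" in
            *"$cap"*) ;;
            *) echo "$cap is not set"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Audit a real file (GNU stat assumed).
audit_file() {
    check_dumpcap "$(stat -c %a "$1")" "$(stat -c %G "$1")" "$(getcap "$1")"
}

# Constructed sample values, so the check can be tried without touching the system:
check_dumpcap 751 wireshark "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" || true
```

Call `audit_file /usr/bin/dumpcap` after the last step. Because `chmod o+x` follows `chmod 750`, the mode ends up as 751 and the audit reports that one finding.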

Hope this helps somebody someday.

