Wireshark - permission problem in Ubuntu
Sebastian Wright 
I installed wireshark (tshark) using
sudo apt-get install tshark this installed the tshark executable in /usr/bin/tshark.
The problem now is that I am unable to run it without root permissions. How can I execute this command using the permissions of a normal user?
04 Answers
You'll need to configure wireshark to allow non-root-users to capture packets:
dpkg-reconfigure wireshark-commonAdd yourself to the wireshark group:
sudo usermod -a -G wireshark "$USER"Restart your system so the group permissions will be applied. Now you can start wireshark and capture some packets!
1The Wireshark wiki discusses permissions and ways to "circumvent" them if needed - although I'm pretty sure that any packet capturing on Linux would require root at some level.
I had a similar issue with not being able to see any network interfaces when running Wireshark (tshark's GUI cousin) as a non-root user. Nowadays, Ubuntu and Debian support file capabilities with which I was able to get Wireshark (and tshark) running as non-root.
Create a wireshark group.
sudo groupadd wiresharkAdd your username to the wireshark group.
sudo usermod -a -G wireshark yourusernameChange group ownership of dumpcap to wireshark group.
sudo chgrp wireshark /usr/bin/dumpcapSet file permissions of dumpcap to 754 (rwx for user, r-x for group).
sudo chmod 754 /usr/bin/dumpcapEnable file capabilities for dumpcap.
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcapYou may also need to run
dpkg-reconfigurefor wireshark-common if you install Wireshark or tshark as a package through Synaptic and enable packet capture for non-root users.sudo dpkg-reconfigure wireshark-common
It will probably need root credential to put the network card into premiscious mode. You need to set the user id or run it with sudo. Sudo is the better, more secure, option.
1
