2008/10/23

Running Wireshark as a non-root user

In general, we have to run "sudo wireshark" to capture packets. It is very annoying. Luckily, I found solutions that work on my Ubuntu box.

Solution 1:

The simplest way is to run "sudo chmod u+s /usr/bin/dumpcap" once. That's all, because "dumpcap" is the only part that needs root privileges. However, it is not good practice to let every user run an executable that has root privileges.

Solution 2:

The better solution is to create a group and allow the members of the group to run "dumpcap" with root privileges:
  1. "sudo vi /etc/group" to create a new group, say "wireshark", and add yourself to this group
  2. "sudo chgrp wireshark /usr/bin/dumpcap"
  3. "sudo chmod 4754 /usr/bin/dumpcap"
Log out and log in again to pick up the new group membership, and you can use Wireshark to capture packets as a non-root user.

Solution 3:

The best solution is to grant "dumpcap" the right to do its job without involving root access at all:
  1. Same as steps 1 and 2 of Solution 2
  2. "sudo chmod 750 /usr/bin/dumpcap"
  3. "sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap"
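
A way to check which of the three setups a given dumpcap binary is actually in, as an added example that is not part of the original post. The helper names classify_dumpcap and audit_dumpcap are hypothetical; the script assumes GNU stat, getcap from libcap, and a binary owned by root.

```shell
#!/bin/sh
# Added example: report the privilege model of a dumpcap binary.
# Assumption: the file is owned by root, so a setuid bit means "runs as root".

# classify_dumpcap MODE CAPS
#   MODE  octal mode as printed by `stat -c %a` (e.g. 4755, 4754, 750)
#   CAPS  output of `getcap FILE` (empty when no capabilities are set)
classify_dumpcap() {
    mode=$1
    caps=$2
    # stat drops leading zeros; pad to four digits: special bits + rwx triplets
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done
    special=${mode%???}   # first digit: setuid=4, setgid=2, sticky=1
    other=${mode#???}     # last digit: permissions for "others"

    # An odd "others" digit means anyone on the box may execute the binary.
    reach=group
    case $other in 1|3|5|7) reach=world ;; esac

    # Solution 1 (typically 4755) and Solution 2 (4754): setuid root.
    case $special in
        4|5|6|7) echo "setuid-$reach"; return 0 ;;
    esac

    # Solution 3: no setuid bit, only the two capture capabilities.
    case $caps in
        *cap_net_raw*)
            case $caps in
                *cap_net_admin*) echo "caps-$reach"; return 0 ;;
            esac ;;
    esac
    echo "unprivileged"   # capture still needs sudo
}

# audit_dumpcap [FILE]: read the real mode, group and capabilities.
audit_dumpcap() {
    f=${1:-/usr/bin/dumpcap}
    m=$(stat -c %a "$f") || return 1
    g=$(stat -c %G "$f")
    c=$(getcap "$f" 2>/dev/null || true)
    echo "$f group=$g mode=$m -> $(classify_dumpcap "$m" "$c")"
}

# Run the audit only when a path is given, e.g.: sh check.sh /usr/bin/dumpcap
if [ $# -gt 0 ]; then audit_dumpcap "$1"; fi
```

A result of "caps-group" corresponds to Solution 3; "setuid-world" means any local user runs dumpcap as root, and "caps-world" means any local user can capture.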