Non-root wireshark capturing in Linux

May 29, 2012

On Debian-based platforms (such as Ubuntu), you can’t capture data by default unless you are root. Some information about this is given here. However, you can change this so that anyone in the wireshark group can capture. There is a security concern in this, but it seems to me not much worse than starting a root shell to do the capture.

First reconfigure the wireshark install.

$ sudo dpkg-reconfigure wireshark-common

Select ‘Yes’ to enable SUID in wireshark.

Now add the users you want to the wireshark group.

$ sudo adduser user1 wireshark

You may also need to set file capabilities on dumpcap.

$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

Before you are able to capture, you will need to log out and log back in again for the group change to take effect.
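
One way to verify the end state of the steps above, as an added example that is not part of the original post: it checks that dumpcap is privileged but runnable only by root and the wireshark group, and notices a login session that predates the group change. The function names and the `--live` switch are this example's own; the dumpcap path is the one used in the setcap command above.

```shell
#!/bin/sh
# Added example: audit the outcome of the steps above (not from the original post).
# Assumption: dumpcap is at /usr/bin/dumpcap, the path used in the setcap command.

# in_group NAME "GROUP LIST" -> 0 if NAME is one of the space-separated groups
in_group() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# check_dumpcap MODE GROUP CAPS  (stat -c %a, stat -c %G, getcap output or "")
# Prints findings; returns 0 only if capture is limited to the wireshark group.
check_dumpcap() {
    mode=$1 group=$2 caps=$3 rc=0
    other=${mode#"${mode%?}"}        # last octal digit = permissions for "other"
    case $other in
        1|3|5|7) echo "FAIL: mode $mode lets every local user run dumpcap"; rc=1 ;;
    esac
    [ "$group" = wireshark ] || { echo "FAIL: group is '$group', not wireshark"; rc=1; }
    case $mode in
        [4567]???) priv="setuid bit" ;;   # four-digit mode with the 4000 bit set
        *) priv="" ;;
    esac
    case $caps in
        *cap_net_raw*) priv="file capabilities" ;;
    esac
    [ -n "$priv" ] || { echo "FAIL: no setuid bit or cap_net_raw; capture needs root"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: dumpcap privileged via $priv, wireshark group only"
    return "$rc"
}

# audit_live: run the checks against the installed binary and the current session.
audit_live() {
    f=/usr/bin/dumpcap
    [ -e "$f" ] || { echo "SKIP: $f not found"; return 0; }
    check_dumpcap "$(stat -c %a "$f")" "$(stat -c %G "$f")" "$(getcap "$f" 2>/dev/null)"
    status=$?
    # Group database vs. groups of this login session: they differ until re-login.
    if in_group wireshark "$(id -nG "$(id -un)")" && ! in_group wireshark "$(id -nG)"; then
        echo "NOTE: you are in wireshark, but this session predates it; log out and back in"
    fi
    return "$status"
}

if [ "${1:-}" = "--live" ]; then audit_live; fi
```

Run it with `--live` on the machine you configured; a FAIL on the mode line means users outside the wireshark group can also capture.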

More info on capture privileges.