bytebasket.com

...applied technology

 

Wireshark on Ubuntu


A recurring problem after a fresh Linux installation is getting Wireshark to run with access to the Ethernet interfaces as a non-root user.

Here is the recipe (tried successfully on Linux Mint 13, 64-bit):

Overview:
Create a group for users who should get access to the Ethernet interfaces ("wireshark" is pretty descriptive) and make the user in question a member of it. The binary "dumpcap", which accesses the NICs, must be assigned to the same group, and the group members must be granted execution rights on it. Finally, the dumpcap binary must be granted the capabilities it needs. Capabilities have existed since kernel 2.2 and allow certain rights to be granted to non-root processes. We need:
cap_net_raw: allows access to the raw socket data
cap_net_admin: allows various network modifications, e.g. to enable promiscuous mode

# create a new group "wireshark"
sudo groupadd wireshark

# add yourself or other users to that group
# (the new membership takes effect at the user's next login)
sudo usermod -a -G wireshark <YOUR_USER_NAME>

# change dumpcap's group ownership to "wireshark"
sudo chgrp wireshark /usr/bin/dumpcap

# allow execution of dumpcap by root and "wireshark" group members only
sudo chmod 750 /usr/bin/dumpcap
# result: -rwxr-x--- 1 root wireshark 79896 Oct 10  2012 /usr/bin/dumpcap

# set file capabilities (grant permissions)
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
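To confirm the result of the steps above, the following check can be used. It is an added example, not part of the original recipe: the function names check_dumpcap and audit_dumpcap are made up for illustration, and it assumes GNU stat and getcap from libcap are installed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the dumpcap setup above.
# The group name "wireshark" and /usr/bin/dumpcap come from the recipe;
# the function names are hypothetical.

# check_dumpcap MODE GROUP CAPLINE
#   MODE    octal mode as printed by `stat -c %a`, e.g. 750
#   GROUP   group owner as printed by `stat -c %G`
#   CAPLINE one line of `getcap` output (empty if no capabilities are set)
# Prints one line per finding; exit status is 0 only if nothing is wrong.
check_dumpcap() (
    mode=$1 group=$2 capline=$3 bad=0
    fail() { echo "FAIL: $*"; bad=1; }

    # An execute bit for "others" would let every local user capture traffic.
    case $mode in *[1357]) fail "mode $mode: others may execute dumpcap" ;; esac
    [ "$group" = wireshark ] || fail "group is '$group', expected 'wireshark'"

    # getcap prints "path = caps+eip" (older libcap) or "path caps=eip" (newer).
    caps=${capline##* }
    names=${caps%%[+=]*}
    flags=${caps##*[+=]}
    for want in cap_net_raw cap_net_admin; do
        case ",$names," in *",$want,"*) ;; *) fail "$want is not granted" ;; esac
    done
    # Least privilege: anything beyond the two capabilities is a finding.
    IFS=,
    for have in $names; do
        case $have in
            cap_net_raw|cap_net_admin) ;;
            *) fail "extra capability $have" ;;
        esac
    done
    # Effective and permitted flags are needed for the grant to take effect.
    case $flags in *e*p*|*p*e*) ;; *) fail "flags '$flags' lack e and p" ;; esac

    [ "$bad" -eq 0 ]
)

# Gather the real values for a binary and run the checks on them.
audit_dumpcap() {
    check_dumpcap "$(stat -c %a "$1")" "$(stat -c %G "$1")" "$(getcap "$1")"
}
```

Run `audit_dumpcap /usr/bin/dumpcap` after the setup; no output and exit status 0 mean the binary matches the recipe.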

 

Comments  

 
0 #1 Dave 2013-06-16 23:40
Thank You! Your instructions worked perfectly. The help file in Wireshark is incomplete and therefore useless in my opinion. Your "How To" has ended days of searching. Thank You Again, Sir.