Wireshark on Ubuntu

A recurring problem after new Linux installations is getting Wireshark to run with access to the Ethernet interfaces as a non-root user.

Here is the recipe (tried successfully on Linux Mint 13, 64 bit):

Overview:
A group for users who may access the Ethernet interfaces must be created (“wireshark” is pretty descriptive), and the user in question becomes a member of this group. The binary “dumpcap”, which accesses the NICs, must be assigned to the same group and made executable by the group's members. Finally, the dumpcap binary must be granted the capabilities it needs. Capabilities have existed since kernel 2.2 and allow certain rights to be granted to non-root processes. We need:
cap_net_raw: allows access to the raw socket data
cap_net_admin: allows various network modifications, e.g. to enable promiscuous mode

sudo groupadd wireshark
# create a new group “wireshark”
#
sudo usermod -a -G wireshark "$USER"
# add yourself to that group (use another account name instead of $USER for other users);
# the new membership takes effect at the next login
#
sudo chgrp wireshark /usr/bin/dumpcap
# change dumpcap’s group ownership to “wireshark”
#
sudo chmod 750 /usr/bin/dumpcap
# allow execution of dumpcap to “wireshark” group members
#
# result: -rwxr-x--- 1 root wireshark 79896 Oct 10 2012 /usr/bin/dumpcap
#
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
# set file capabilities (grant permissions)
#
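
To check the result, the following script (an added example, not part of the original post) audits the mode, group and file capabilities that the recipe sets, and accepts both output formats of getcap. The function names and the `--live` switch are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original post): audit the dumpcap setup above.

# Print "<sorted caps> <flags>" for one line of getcap output. Accepts both
# "/path = a,b+eip" (older libcap) and "/path a,b=eip" (newer libcap).
parse_getcap() (
    spec=${1#* }        # drop the path (assumed to contain no spaces)
    spec=${spec#= }     # drop the "= " separator of the older format
    case $spec in
        *[+=]*) caps=$(printf '%s\n' "${spec%[+=]*}" | tr ',' '\n' | sort | paste -sd, -)
                echo "$caps ${spec##*[+=]}" ;;
        *)      echo "none -" ;;   # no file capabilities set
    esac
)

# audit_dumpcap MODE GROUP GETCAP_LINE: print findings, exit status = their count
audit_dumpcap() (
    mode=$1 group=$2 issues=0
    set -- $(parse_getcap "$3"); caps=$1 flags=$2
    fail() { echo "FAIL: $*"; issues=$((issues + 1)); }
    [ "$group" = wireshark ] || fail "group is $group, expected wireshark"
    case $mode in *[1-7]) fail "mode $mode gives users outside the group access" ;; esac
    case $mode in *[1357]?) ;; *) fail "mode $mode: group cannot execute" ;; esac
    for cap in cap_net_raw cap_net_admin; do
        case ",$caps," in *",$cap,"*) ;; *) fail "missing $cap" ;; esac
    done
    for f in e p; do
        case $flags in *"$f"*) ;; *) fail "capability flag '$f' not set" ;; esac
    done
    exit "$issues"
)

# Audit the installed binary (needs GNU stat and getcap from libcap).
audit_live() {
    bin=${1:-/usr/bin/dumpcap}
    # Groups of the *current session*: a fresh usermod shows up only after re-login.
    id -nG | tr ' ' '\n' | grep -qx wireshark ||
        echo "NOTE: this session is not in group wireshark yet; log in again"
    audit_dumpcap $(stat -c '%a %G' "$bin") "$(getcap "$bin")"
}

if [ "${1:-}" = --live ]; then audit_live; fi
```

Called with `--live` it inspects /usr/bin/dumpcap; the exit status is the number of findings.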
