Wireshark on Ubuntu

A recurring problem after a fresh Linux installation is getting Wireshark to capture on the Ethernet interfaces as a non-root user.

Here is the recipe (tried successfully on Linux Mint 13, 64 bit):

 

Overview:
Create a group for the users who should get access to the Ethernet interfaces ("wireshark" is pretty descriptive) and add the user in question to it. The binary "dumpcap", which accesses the NICs, must be assigned to the same group, with execute permission granted to the group's members. Finally, the dumpcap binary must be granted the capabilities it needs. Capabilities have existed since kernel 2.2 and allow specific privileges to be granted to non-root processes. We need:
cap_net_raw: allows access to the raw socket data
cap_net_admin: allows various network modifications, e.g. to enable promiscuous mode

sudo groupadd wireshark
# create a new group "wireshark"
#
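sudo usermod -a -G wireshark "$USER"
# add yourself to that group (replace "$USER" with another login name to add other users);
# the new membership takes effect at the next login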
#
sudo chgrp wireshark /usr/bin/dumpcap
# change dumpcap's group membership to "wireshark"
#
sudo chmod 750 /usr/bin/dumpcap
# allow execution of dumpcap to "wireshark" group members
#
# result: -rwxr-x--- 1 root wireshark 79896 Oct 10 2012 /usr/bin/dumpcap
#
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
# set file capabilities (grant permissions)
#
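
To confirm the result, the following added example (not part of the original recipe) checks ownership, mode and file capabilities against the values set above and accepts both getcap output formats. The function name audit_dumpcap and the script name audit_dumpcap.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit a dumpcap install against the recipe above.
# Inputs are plain strings so the checks can be exercised on constructed data:
#   audit_dumpcap MODE OWNER GROUP "GETCAP-OUTPUT"
# Prints one line per finding; returns 0 only if nothing was found.
audit_dumpcap() {
    mode=$1 owner=$2 group=$3 caps=$4 rc=0
    finding() { echo "FINDING: $*"; rc=1; }

    [ "$owner" = root ] || finding "owner is '$owner', expected root"
    [ "$group" = wireshark ] || finding "group is '$group', expected wireshark"

    # File capabilities are granted to whoever can execute the file, so the
    # mode is what restricts capture rights to the wireshark group.
    case $mode in *[1-7])   finding "mode $mode: users outside the group can reach dumpcap" ;; esac
    case $mode in *[2367]?) finding "mode $mode: dumpcap is group-writable" ;; esac
    case $mode in *[0246]?) finding "mode $mode: group members cannot execute dumpcap" ;; esac

    # getcap prints "path = caps+eip" (older libcap) or "path caps=eip" (newer).
    list=${caps##* }        # keep the last field
    list=${list%%[+=]*}     # drop the flag suffix, leaving "cap_a,cap_b"
    for want in cap_net_raw cap_net_admin; do
        case ",$list," in
            *",$want,"*) ;;
            *) finding "missing capability $want" ;;
        esac
    done
    # Anything beyond the two capabilities named in the recipe is excess privilege.
    old_ifs=$IFS; IFS=,
    for have in $list; do
        case $have in
            cap_net_raw|cap_net_admin) ;;
            *) finding "unexpected capability $have" ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# Live use (GNU stat): sh audit_dumpcap.sh /usr/bin/dumpcap
if [ -n "${1:-}" ]; then
    audit_dumpcap "$(stat -c %a "$1")" "$(stat -c %U "$1")" "$(stat -c %G "$1")" \
        "$(getcap "$1")" && echo "OK: $1 matches the recipe"
fi
```
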


Comments   

0 #1 Dave 2013-06-16 13:55
Thank You! Your instructions worked perfectly. The help file in Wireshark is incomplete and therefore useless in my opinion. Your "How To" has ended days of searching. Thank You Again, Sir.
