Running Wireshark as a Non-root user…

Hi all.

Wireshark… network packet sniffer. When opening it as user I had no capturing interfaces to use as a source for sniffing. I don’t feel comfortable running Wireshark as root. Nothing should be run with root privileges unless there is absolutely no other option. So I have decided to mess around with Wireshark and to enable the packet capturing for a non-root user. After a bit of search online I was able to do so.

Here is how.

I assume that You have PCLinuxOS installed / fully upgraded and that You have installed Wireshark.

Run those commands to allow non-root user the Wireshark access:

su

give it a root password

apt-get --yes install libpcap libcap-utils

give it some time to finish.

groupadd wireshark

usermod -a -G wireshark andrzejl

You need to change andrzejl to Your login.

chgrp wireshark /usr/bin/dumpcap

chmod 750 /usr/bin/dumpcap

chmod o+x /usr/bin/dumpcap

setcap cap_net_raw,cap_net_admin=eip /usr/sbin/dumpcap

getcap /usr/bin/dumpcap

after that You can run:

exit

wireshark

This will start Wireshark from Your user account. You should now have access to the capturing interfaces.

Wireshark as a non-root user.

Hope this helps somebody someday.

Andy

Advertisements