Wireshark Capure as Regular User

Wireshark can run as a regular user. It doens’t need root access anymore and will give an error if you run it as root.

To make it work, I just had to add the user to the ‘wireshark’ group. Then it ran just fine.

You can change the perms to run as setuid. (You may need to replace /usr/sbin with /usr/bin).

chown root:wireshark /usr/sbin/dumpcap

chmod u=rwx,u+s,g=rx,o-rx /usr/bin/dumpcap

Or you can use the setcap to set the perms:

setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/dumpcap

See here for more info: https://wiki.wireshark.org/CaptureSetup/CapturePrivileges