How to set up wireshark to run without root on Debian?

26

10

I'm trying to use wireshark on a Debian machine, but when I run it with my non-root user account, it doesn't detect any network interface.

I also tried running wireshark as root, but wireshark tells me this method is insecure.

I also read the FAQ and found "read the file on /usr/shared/wireshark-common/README.Debian file" - I did read that file, but I still don't know what I'm supposed to do.

user269334

Posted 2011-08-06T16:36:01.797

Reputation: 411

Answers

13

By installing Wireshark packages, non-root users won't automatically gain rights to capture packets.

You need root privileges to capture traffic with Wireshark (or dumpcap, for that matter). According to the manual you mentioned, it should be possible to add your user to the wireshark group though:

sudo usermod -a -G wireshark your-user-name

Don't know if that alone will work though. Here's also a guide from Wireshark Blog that explains it a bit more:

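sudo -s
# create the group (-g expects a numeric GID, so it is omitted)
groupadd wireshark
usermod -a -G wireshark your-user-name
# restrict dumpcap to root and the wireshark group, and make it setuid
chgrp wireshark /usr/bin/dumpcap
chmod 4750 /usr/bin/dumpcap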

That being said, you can safely run Wireshark to inspect, edit or filter packet dumps without root privileges.

slhck

Posted 2011-08-06T16:36:01.797

Reputation: 182 472

Thanks for the details=) Also, I learnt that I should reboot before going 'Y U NOT WORKING'. Now it works brilliantly!!! – user269334 – 2011-08-08T16:58:28.553

That's perfect, glad I could help. Rebooting normally shouldn't be necessary, logging out and in should in most cases fix issues. – slhck – 2011-08-08T17:00:25.117

48

The file is actually /usr/share/doc/wireshark-common/README.Debian.

What you need to do is:

sudo dpkg-reconfigure wireshark-common

Choose the "yes" option.

sudo usermod -a -G wireshark your-user-name

Log out and log back in to pick up the new group membership and you can now run wireshark as a non-root user.

notfred

Posted 2011-08-06T16:36:01.797

Reputation: 481

I don't have enough points to add a comment but to save having to log off to update group membership: su - $USER wireshark& – Stuart Cardall – 2015-09-13T22:40:50.587

@Stuart Better: Just type newgrp wireshark in your shell. If you are part of that group, the shell will pick up your new membership (on request). – bryn – 2016-07-29T00:17:34.270

This should really be the accepted answer; using dpkg-reconfigure wireshark is the right way to set up the wireshark group on Debian systems. Making dumpcap setuid (as in the accepted answer) is unnecessary, as the package scripts will set up the appropriate caps on the group. – cdhowie – 2012-11-06T17:38:55.887

0

You can run wireshark without sudo access using

sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap 

amit

Posted 2011-08-06T16:36:01.797

Reputation: 101

Can you please explain how sudo setcap... can be run without sudo access? Your answer does not make any sense. – DavidPostill – 2016-06-07T10:15:39.397

setcap is used to set the privileges for capturing as a non-root user; I have followed https://wiki.wireshark.org/CaptureSetup/CapturePrivileges/ – amit – 2016-06-09T08:01:44.037

this did not work – Aidan Melen – 2017-04-04T17:46:46.790
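The answers above differ in how dumpcap gets its capture privileges (setuid bit versus file capabilities) and in who may execute it. The following check is an added example, not code from any of the answers: it classifies the resulting setup and detects the "added to the group but not logged in again" state. The function names are hypothetical, dumpcap is assumed to be owned by root, and the live check assumes GNU stat and getcap are installed.

```shell
#!/bin/sh
# Added example: how does dumpcap get capture rights, and who may run it?
# Inputs are plain strings so the logic can be checked offline:
#   $1 octal mode (stat -c %a)  $2 owning group (stat -c %G)  $3 getcap output
# Assumption: the file is owned by root, so a setuid bit means "runs as root".
classify_dumpcap() {
    cd_mode=$1; cd_caps=$3
    while [ "${#cd_mode}" -lt 4 ]; do cd_mode="0$cd_mode"; done
    cd_special=${cd_mode%???}   # first digit: setuid/setgid/sticky bits
    cd_other=${cd_mode#???}     # last digit: permissions for "other"
    cd_priv=none
    case $cd_caps in *cap_net_raw*) cd_priv=caps ;; esac
    case $cd_special in 4|5|6|7) cd_priv=setuid ;; esac
    if [ "$cd_priv" = none ]; then echo unprivileged; return 0; fi
    case $cd_other in
        1|3|5|7) echo "$cd_priv-any-user" ;;       # every local account can capture
        *)       echo "$cd_priv-group-only:$2" ;;  # limited to members of group $2
    esac
}

# $1 groups of the current session (id -nG), $2 groups in the account
# database (id -nG <user>), $3 group name to look for.
group_state() {
    case " $1 " in *" $3 "*) echo active; return 0 ;; esac
    case " $2 " in *" $3 "*) echo pending-relogin ;; *) echo not-member ;; esac
}

# Live check; path and group name are the ones used on this page.
audit_dumpcap() {
    ad_f=${1:-/usr/bin/dumpcap}
    [ -e "$ad_f" ] || { echo "missing: $ad_f"; return 1; }
    # getcap lives in /sbin on Debian, which may not be in a user's PATH
    ad_caps=$(PATH="$PATH:/sbin:/usr/sbin"; getcap "$ad_f" 2>/dev/null) || true
    classify_dumpcap "$(stat -c %a "$ad_f")" "$(stat -c %G "$ad_f")" "$ad_caps"
    group_state "$(id -nG)" "$(id -nG "$(id -un)")" wireshark
}

# Constructed samples (not captured from a real system):
CAPS="/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip"
classify_dumpcap 4750 wireshark ""        # chgrp wireshark + chmod 4750
classify_dumpcap 755  root      "$CAPS"   # setcap on a world-executable file
classify_dumpcap 750  wireshark "$CAPS"   # capabilities, group-restricted
classify_dumpcap 755  root      ""        # no privileges: no interfaces listed
group_state "alice sudo" "alice sudo wireshark" wireshark   # usermod, no re-login
```

Run `audit_dumpcap` on the machine itself; a result ending in `-any-user` means capture is not restricted to the wireshark group.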