Getting Started with WireShark

Getting Started with WireShark.

-- Tom

 

One can run wireshark without being root, even when capturing traffic. You just have to add the user to Wireshark group by adduser command.

I have played with Wireshark a few times. I got all the AT commands my USB modem sends by analysing the USB traffic.

 

Thanks

I must say, however, that running wireshark as root is needlessly risky.

As described in <-http://askubuntu.com/questions/74059/how-do-i-run-wireshark-with-root-privileges->, you can configure wireshark to allow a non-root user to sniff packets by running these commands in a terminal:

foo@bar:~$ sudo dpkg-reconfigure wireshark-common
foo@bar:~$ sudo adduser $USER wireshark

Edit: Nice handle, UnknownK

 

Thanks for the tip... Just installed Wireshark last night and can't figure out how to run it without running as root. Question though regarding the last command line, will the command enable all users to run Wireshark non-root?

 

It only affects the logged-in user that runs the command.

 

Thanks!

 

In place of $USER you will put your username on the system, say jnthn. This way there's no chance for other users.

 

You want to run it as root.
Mrk

 

Run this command as root in a terminal and you will be able to use Wireshark as user.

Code:

setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

Save this command in a text file or something as you need to run it every time you update Wireshark.

 

No, you just use the command. "$USER" sees the user for the session that you're in. Even if another user is logged in, the command won't affect their Wireshark setup.