Getting Started with WireShark

Discussion in 'all things UNIX' started by lotuseclat79, Oct 7, 2013.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Getting Started with WireShark.

    -- Tom
     
  2. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    One can run wireshark without being root, even when capturing traffic. You just have to add the user to the wireshark group with the adduser command.

    I have played with Wireshark a few times. I got all the AT commands my USB modem sends by analysing the USB traffic.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Thanks :)

    I must say, however, that running wireshark as root is needlessly risky.

    As described in http://askubuntu.com/questions/74059/how-do-i-run-wireshark-with-root-privileges, you can configure wireshark to allow a non-root user to sniff packets by running these commands in a terminal:

    foo@bar:~$ sudo dpkg-reconfigure wireshark-common
    foo@bar:~$ sudo adduser $USER wireshark

    Edit: Nice handle, UnknownK ;)
     
  4. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    Thanks for the tip... Just installed Wireshark last night and can't figure out how to run it without running as root. Question though regarding the last command line, will the command enable all users to run Wireshark non-root?
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It only affects the logged-in user that runs the command.
     
  6. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    Thanks! :)
     
  7. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    In place of $USER you will put your username on the system, say jnthn. This way there's no chance for other users.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    You want to run it as root.
    Mrk
     
  9. RichM76

    RichM76 Registered Member

    Joined:
    Jun 21, 2013
    Posts:
    4
    Run this command as root in a terminal and you will be able to use Wireshark as user.


    Code:
    setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

    Save this command in a text file or something as you need to run it every time you update Wireshark.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    No, you just use the command. "$USER" sees the user for the session that you're in. Even if another user is logged in, the command won't affect their Wireshark setup.
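
A check for the setup discussed in this thread, as an added example that is not part of any poster's message: it reports whether `/usr/bin/dumpcap` still carries the two capabilities (for instance after an update), whether the binary is executable by every local account, and whether the current user is in the `wireshark` group. The function names and verdict strings are hypothetical, and the example assumes the goal is that only `wireshark` group members can capture.

```shell
#!/bin/sh
# Added example: audit the non-root capture setup from this thread.
# The checks take plain text so they also work on saved command output.

# True if a `getcap` output line grants both capabilities with e and p flags.
has_capture_caps() {
    caps=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$caps" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    flags=${caps##*[+=]}          # text after the last '+' or '=' ("eip")
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *p*) ;; *) return 1 ;; esac
}

# True if the octal mode (e.g. 755) lets users outside owner/group execute.
others_can_exec() {
    last=${1#"${1%?}"}            # last octal digit = "other" permissions
    case "$last" in 1|3|5|7) return 0 ;; *) return 1 ;; esac
}

# True if group $2 appears in the space-separated list $1 (`id -Gn` output).
in_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# audit "<getcap line>" "<octal mode>" "<groups>" prints one verdict.
audit() {
    if ! has_capture_caps "$1"; then
        echo "no-caps"            # e.g. lost when an update replaced dumpcap
    elif others_can_exec "$2"; then
        echo "open-to-all-users"  # any local account can capture
    elif in_group "$3" wireshark; then
        echo "ok"
    else
        echo "not-in-group"       # new membership needs a fresh login
    fi
}

# Live check: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    bin=/usr/bin/dumpcap
    audit "$(getcap "$bin" 2>/dev/null)" "$(stat -c %a "$bin")" "$(id -Gn)"
fi
```

An `open-to-all-users` verdict means the capabilities were set on a world-executable binary, so capture is not limited to one account.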
     