Wireshark capture without root privileges under Debian


#1

You don’t need root privileges to capture network packets in Wireshark.

You just need to add the usernames you want to give capture privileges to the wireshark group, as shown below:

$ sudo adduser john wireshark

Users in the wireshark group can run the wireshark utility without gksu or similar tools to get root privileges. This works with the help of the Linux Capabilities API. If the currently running kernel doesn’t have Capabilities support at the time of package installation, the installer falls back to setting the set-user-id bit to allow non-root users to capture packets.

See the man page for the Linux Capabilities API.

After that, you have to reconfigure the wireshark-common package and answer Yes to the question “Should non-superusers be able to capture packets?”

$ sudo dpkg-reconfigure wireshark-common

Please note that group changes take effect after logging out of the current X session and logging in again.
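To confirm which of the two mechanisms described above (file capabilities or the set-user-id fallback) is actually in effect, and that only the wireshark group can use it, the following check can be run. It is an added example, not part of the original post; it assumes the capture helper is /usr/bin/dumpcap, which the page does not name, and the function names are illustrative.

```shell
#!/bin/sh
# Added example. Assumption: the capture helper is /usr/bin/dumpcap.

# classify_dumpcap MODE GROUP GETCAP_LINE
#   MODE         octal permissions, from: stat -c %a FILE
#   GROUP        owning group,      from: stat -c %G FILE
#   GETCAP_LINE  output of: getcap FILE (empty if no file capabilities)
classify_dumpcap() {
    mode=$1; group=$2; caps=$3
    priv=none
    case $caps in
        *cap_net_raw*) priv=capabilities ;;
    esac
    # Four octal digits with the 4 bit in the first one = set-user-id fallback.
    if [ "$priv" = none ]; then
        case $mode in
            [4567]???) priv=setuid ;;
        esac
    fi
    if [ "$priv" = none ]; then echo root-only; return 0; fi
    # Odd last digit = execute for "other": group membership gates nothing.
    case $mode in
        *[1357]) echo "$priv-open-to-all"; return 0 ;;
    esac
    if [ "$group" != wireshark ]; then
        echo "$priv-unexpected-group"; return 0
    fi
    echo "$priv"
}

# in_group GROUP "LIST"   (LIST is the output of: id -nG USER)
in_group() {
    for g in $2; do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

# Live check on this host; prints a note if the helper is not installed.
check_host() {
    f=/usr/bin/dumpcap
    if [ ! -e "$f" ]; then echo "dumpcap not installed"; return 0; fi
    caps_line=$(getcap "$f" 2>/dev/null || true)
    classify_dumpcap "$(stat -c %a "$f")" "$(stat -c %G "$f")" "$caps_line"
}

check_host
```

A result of `setuid` means the whole helper runs as root for every group member, and any `-open-to-all` result means capture is not limited to the wireshark group at all.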