How to enable Wireshark without running as root in Trusty 14.04

Question

I installed Wireshark. Running as root is not recommended, so

I Did

sudo dpkg-reconfigure wireshark-common

According to:

http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/trunk/debian/README.Debian?view=markup

Answered Yes, Logout out Started Wireshark and got this message:

couldn't run /usr/bin/dumpcap in child process: Permission Denied.

I think I followed the recommended way of configuring Wireshark, it worked in 13.10, it doesn't in 14.04

FYI, reconfiguring wireshark-common is actually setting the group for dumpcap to Wireshark. Still it doesn't work. I checked that.

How should it be done in 14.04?

I guess you've already checked that you, the user, are in the wireshark group — Akronix, May 01 '14 at 09:03
Yes. that said, I stumble on this
`groups $USER`

does list wireshark

`groups $user`

does NOT list wireshark — Janghou, May 01 '14 at 09:14
possible duplicate of How do I run wireshark, with root-privileges? — Eric Carvalho, Apr 08 '15 at 12:41
Simply run this: sudo usermod -aG wireshark $USER. Then, log out and back in again. — l3x, Nov 08 '18 at 20:46

score 81 · Answer 1 · edited Jun 29 '16 at 03:07

81

I found that after running:

sudo dpkg-reconfigure wireshark-common

a wireshark group been created in /etc/gshadow. So I just wrote:

sudo gpasswd -a $USER wireshark

and logout/login and now it works fine!

edited Jun 29 '16 at 03:07

heemayl

91,753

answered May 05 '14 at 10:38

user278162

811

Three cheers. This should be marked as the solution but OP probably abandoned the thread. – Hack-R Aug 20 '17 at 15:27
2

Instead of logout/login, just type newgrp wireshark as your normal user, it is faster, and works the same in my experience with 18.04. – Nicolas Raoul May 28 '18 at 07:27
Yeah it works, can you please explain above commands in detail, or can provide any link? – Abhay Sehgal May 05 '19 at 11:50
Works 101% Thanks! – Detained Developer Jan 22 '20 at 16:55

score 26 · Answer 2 · edited Jun 29 '16 at 03:09

26

Yes, you did correct. But some thing is missing.If you see the error message like couldn't run /usr/bin/dumpcap in child process: Permission Denied.Go to terminal and

sudo dpkg-reconfigure wireshark-common

choose answer as "YES" .Then add user to the group by

sudo adduser $USER wireshark

Then restart your machine and open wireshark. It works.

edited Jun 29 '16 at 03:09

heemayl

91,753

answered May 27 '16 at 09:39

Thusitha Sumanadasa

1,536

4

You don't have to restart. Logging out/in would do. – heemayl Jun 29 '16 at 03:08
1

Don't forget to add the "-a" parameter to the adduser command.
-a, --add USER add USER to GROUP
– Thanos Oct 19 '16 at 12:48
2

I had to restart - login/out did not work (ubuntu 16.10-64bit) – TmTron Feb 27 '17 at 17:36
Yeah it works, can you please explain above commands in detail, or can provide any link? – Abhay Sehgal May 05 '19 at 11:50

score 3 · Answer 3 · edited Apr 13 '17 at 12:23

3

sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

Check this question

edited Apr 13 '17 at 12:23

Community

1

answered May 05 '14 at 10:52

Mohammad Reza Rezwani

10,286
36
92
128

Now I can see all the Interfaces, but the error messages still showing up when the program is starting. – Francisco Corrales Morales May 24 '16 at 04:45

How to enable Wireshark without running as root in Trusty 14.04

3 Answers3

Linked