Run Wireshark (not) as Root

We all know that capturing packets on any interface requires root access (OK, maybe not all of us know it, but it's true). But Wireshark is far too large and complex a program to be handed root permissions. (Keep this in mind in general: a program with more than 20,000 lines of code is a risk to run under sudo.)

Luckily for us, the part of Wireshark that actually captures packets is a much smaller separate program, dumpcap, which can safely be granted a few specific capabilities. So we just set two Linux capabilities (the kernel's fine-grained split of root's powers) on that one binary, and voilà, it works.

Here’s the best way to make it work.

sudo apt-get install libcap2-bin                           # provides setcap and getcap
sudo groupadd wireshark                                    # no -g: that flag expects a numeric GID
sudo usermod -a -G wireshark <Insert-Your-Username-Here>   # takes effect after you log out and back in
sudo chgrp wireshark /usr/bin/dumpcap                      # otherwise 750 with group root locks everyone but root out
sudo chmod 750 /usr/bin/dumpcap                            # only root and the wireshark group may run it
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap # the two capabilities capturing needs, nothing more
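A small verification script, added here as an example rather than part of the original post, that checks the result of the steps above: dumpcap must carry exactly cap_net_raw and cap_net_admin, be group-owned by wireshark with mode 750, and the current user must be in that group. The parsing is split into functions that take command output as arguments, so it also works with constructed input; the path /usr/bin/dumpcap is assumed from the post.

```shell
#!/bin/sh
# Added example (not from the original post): verify the dumpcap capability setup.

# caps_ok "<getcap output line>": true only if the line grants cap_net_raw and
# cap_net_admin with e, i and p set, and no other capability. Both getcap
# output styles are handled:
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (libcap >= 2.41)
caps_ok() {
    caps=${1#* }          # drop the path
    caps=${caps#= }       # drop the " = " separator of the older format, if present
    case $caps in
        *+eip|*=eip) ;;   # flag set must be exactly eip
        *) return 1 ;;
    esac
    caps=${caps%+eip}; caps=${caps%=eip}
    case ",$caps," in     # either order, but nothing beyond these two
        ",cap_net_admin,cap_net_raw,"|",cap_net_raw,cap_net_admin,") return 0 ;;
        *) return 1 ;;
    esac
}

# perms_ok "<octal mode>" "<group name>": 750 and group wireshark, as set above.
perms_ok() {
    [ "$1" = 750 ] && [ "$2" = wireshark ]
}

# in_group "<space-separated group list from id -Gn>" "<group>"
in_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check against the installed binary (assumed path /usr/bin/dumpcap).
check_dumpcap() {
    bin=${1:-/usr/bin/dumpcap}
    capline=$(getcap "$bin")
    caps_ok "$capline" || { echo "capabilities wrong: '$capline'"; return 1; }
    mode=$(stat -c '%a' "$bin"); grp=$(stat -c '%G' "$bin")
    perms_ok "$mode" "$grp" || { echo "permissions wrong: $mode $grp"; return 1; }
    in_group "$(id -Gn)" wireshark || { echo "not in group wireshark (log out and back in?)"; return 1; }
    echo "$bin: ok"
}

# Only touch the real system when invoked as: sh check-dumpcap.sh --check [path]
case ${1:-} in --check) check_dumpcap "${2:-/usr/bin/dumpcap}" ;; esac
```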

Thank this guy (he has a better explanation too)