We all know that capturing packets on any interface requires root access (OK, maybe not all of us, but it's true). But Wireshark is too large and complex a program to be given root permissions. (Do keep this in mind: programs with more than 20,000 lines of code are a risk under sudo.)
Luckily for us, the portion of Wireshark that does the packet capturing is a much smaller program, dumpcap, which can easily be allowed some capabilities. So we just set a couple of obscure kernel capabilities on it, and voilà, it works.
Here’s the best way to make it work.
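    sudo apt-get install libcap2-bin
    # Create the group that will be allowed to capture
    sudo groupadd wireshark
    sudo usermod -a -G wireshark <Insert-Your-Username-Here>
    # Hand dumpcap to that group, then make it executable by owner and group only
    sudo chgrp wireshark /usr/bin/dumpcap
    sudo chmod 750 /usr/bin/dumpcap
    # Grant only the two capabilities needed for capture
    sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap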
Thank this guy (he has a better explanation too)
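A quick way to check the result of the steps above, as an added example that is not part of the original post: the script audits dumpcap's group, mode and capabilities, accepting both getcap output styles. The function names `check_dumpcap` and `audit_live` are made up for this example, the sample values are constructed, and `audit_live` assumes GNU `stat` plus `getcap` from libcap2-bin.

```shell
#!/bin/sh
# check_dumpcap MODE GROUP GETCAP_LINE
# Prints one finding per line; returns 0 only when the setup looks right.
check_dumpcap() {
    mode=$1; group=$2; caps=$3; rc=0
    # chmod 750 only helps if the file's group really is wireshark.
    if [ "$group" != "wireshark" ]; then
        echo "group is '$group', expected 'wireshark'"; rc=1
    fi
    # Last octal digit = permissions for everyone else. An execute bit
    # there lets any local user run the capability-bearing binary.
    other=${mode#"${mode%?}"}
    case $other in
        1|3|5|7) echo "mode $mode lets users outside the group run dumpcap"; rc=1 ;;
    esac
    # Both capabilities from the setcap line must be present...
    for cap in cap_net_raw cap_net_admin; do
        case $caps in
            *"$cap"*) ;;
            *) echo "missing $cap"; rc=1 ;;
        esac
    done
    # ...and flagged effective+permitted. getcap prints "=eip" (newer
    # libcap) or "+eip" (older libcap).
    case $caps in
        *[+=]eip|*[+=]ep) ;;
        *) echo "capabilities are not effective and permitted"; rc=1 ;;
    esac
    return $rc
}

# Audit the real binary (assumes GNU stat and getcap from libcap2-bin).
audit_live() {
    bin=${1:-/usr/bin/dumpcap}
    check_dumpcap "$(stat -c %a "$bin")" "$(stat -c %G "$bin")" "$(getcap "$bin")"
}

# Constructed sample values, so the script runs without touching the system.
echo "--- correct setup ---"
check_dumpcap 750 wireshark "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" && echo "ok"
echo "--- chgrp forgotten, world-executable ---"
check_dumpcap 755 root "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" || true
```

Call `audit_live` on the machine itself once the setup commands have run; group membership from `usermod` only takes effect after logging in again.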