Feb 23, 2012

Run Wireshark as a Normal User on Ubuntu 11.10

Install everything you need:
sudo apt-get install wireshark tshark libcap2-bin
According to /usr/share/doc/wireshark/README.Debian, you have to add your user to the group wireshark:
# check group
cat /etc/group | grep wireshark

# create it if it does not exist
sudo groupadd wireshark

# add user to this new group
sudo usermod -a -G wireshark `whoami`
# check user groups
groups `whoami`
# yourusername : yourusergroup ..... wireshark
# or
cat /etc/group | grep wireshark
# wireshark:x:1002:yourusername

# log in to a new group
newgrp wireshark
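Then let's add capture privileges (see http://wiki.wireshark.org/CaptureSetup/CapturePrivileges):
# hand dumpcap to the wireshark group
sudo chgrp wireshark /usr/bin/dumpcap
# 754 = owner rwx, group r-x, others r--: only the owner and group members can execute it
sudo chmod 754 /usr/bin/dumpcap
# grant only the two capabilities needed for capturing, instead of running as root
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap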

# ensure that everything is OK:
getcap /usr/bin/dumpcap
# /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
You should be able to run tshark without sudo:
tshark -R 'ip.addr==178.159.244.20'

# amqp
tshark -i lo tcp port 5672
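
To check that the setup above ended up the way it was intended, here is an added example (not part of the original post) that audits dumpcap's mode, owning group and file capabilities. The function name audit_dumpcap, the finding names and the --live switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): audit the dumpcap setup above.
# Finding names are made up for this sketch.
# Usage: audit_dumpcap MODE GROUP GETCAP_LINE
#   MODE        octal mode as printed by `stat -c %a` (e.g. 754)
#   GROUP       owning group as printed by `stat -c %G`
#   GETCAP_LINE output of `getcap /usr/bin/dumpcap`
audit_dumpcap() {
    mode=$1; group=$2; caps=$3; findings=""
    rest=${mode%?}
    other=${mode#"$rest"}          # last octal digit: permissions for "others"
    grp=${rest#"${rest%?}"}        # second-to-last digit: permissions for the group

    [ "$group" = "wireshark" ] || findings="$findings group-not-wireshark"
    # An odd digit has the execute bit set. If "others" can execute a binary
    # that carries capture capabilities, the group restriction is pointless.
    case $other in 1|3|5|7) findings="$findings world-executable" ;; esac
    case $grp in 1|3|5|7) ;; *) findings="$findings group-cannot-execute" ;; esac
    # A four-digit mode with 4..7 in front has the setuid bit set, which is
    # broader than the two capabilities granted with setcap.
    case $mode in [4-7]???) findings="$findings setuid" ;; esac
    # Substring match works for both getcap output styles
    # ("= cap_...+eip" and "cap_...=eip").
    case $caps in *cap_net_raw*) ;; *) findings="$findings missing-cap_net_raw" ;; esac
    case $caps in *cap_net_admin*) ;; *) findings="$findings missing-cap_net_admin" ;; esac

    findings=${findings# }
    echo "${findings:-OK}"
}

# Run against the real system only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    f=/usr/bin/dumpcap
    audit_dumpcap "$(stat -c %a "$f")" "$(stat -c %G "$f")" "$(getcap "$f")"
    id -nG | tr ' ' '\n' | grep -qx wireshark || echo "user-not-in-wireshark-group"
fi
```

Without arguments the script only defines the function. With --live it prints OK or a space-separated list of findings for /usr/bin/dumpcap.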
