How to set up wireshark to run without root on Debian?
Solution 1
By installing Wireshark packages non-root users won't gain rights automatically to capture packets.
You need root privileges to capture traffic with Wireshark (or dumpcap, for that matter). According to the manual you mentioned, it should be possible to add your user to the wireshark group though:
usermod -a -G wireshark your-user-name
Don't know if that alone will work though. Here's also a guide from Wireshark Blog that explains it a bit more:
sudo -s
groupadd wireshark
usermod -a -G wireshark your-user-name
chgrp wireshark /usr/bin/dumpcap
chmod 4750 /usr/bin/dumpcap
That being said, you can safely run Wireshark to inspect, edit or filter packet dumps without root privileges.
Solution 2
The file is actually /usr/share/doc/wireshark-common/README.Debian.
What you need to do is:
sudo dpkg-reconfigure wireshark-common
Choose the "yes" option.
sudo usermod -a -G wireshark your-user-name
Log out and log back in to pick up the new group membership and you can now run wireshark as a non-root user.
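To see which of the two setups above is in effect on a machine, this added example (not part of either answer) classifies dumpcap from its mode, owner and file capabilities, and checks the current session's groups. The function names are made up for the example, and cap_net_raw as the capability the Debian package sets is an assumption.

```shell
#!/bin/sh
# Added example, not from the answers above.
# classify_dumpcap MODE OWNER GROUP CAPS
#   MODE OWNER GROUP: fields of  stat -c '%a %U %G' /usr/bin/dumpcap
#   CAPS: output of  getcap /usr/bin/dumpcap  (empty when none are set)
classify_dumpcap() {
    mode=$1 owner=$2 group=$3 caps=$4
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done   # 750 -> 0750
    setuid=no; world=no; fcaps=no
    case ${mode%???} in                  # leading digit: setuid bit is 4
        4|5|6|7) if [ "$owner" = root ]; then setuid=yes; fi ;;
    esac
    case ${mode#???} in 1|3|5|7) world=yes ;; esac   # "other" may execute
    # Assumption: cap_net_raw is the capability the package grants dumpcap.
    case $caps in *cap_net_raw*) fcaps=yes ;; esac
    if [ "$setuid" = no ] && [ "$fcaps" = no ]; then
        echo "unprivileged: only root can capture"
    elif [ "$world" = yes ]; then
        echo "exposed: every local user can capture"
    elif [ "$setuid" = yes ]; then
        echo "setuid-root: dumpcap runs as root for group $group"
    else
        echo "file-caps: capture-only privileges for group $group"
    fi
}

# in_group GROUP LIST: succeed when GROUP appears in LIST (id -nG output).
in_group() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# Live check; skipped when dumpcap is not installed.
f=${DUMPCAP:-/usr/bin/dumpcap}
if [ -e "$f" ]; then
    caps=$(PATH="$PATH:/usr/sbin:/sbin" getcap "$f" 2>/dev/null || true)
    classify_dumpcap $(stat -c '%a %U %G' "$f") "$caps"
    # Plain "id -nG" reports this session's groups, so it stays stale until
    # the user logs in again or runs newgrp.
    if in_group wireshark "$(id -nG)"; then
        echo "session: in group wireshark"
    else
        echo "session: not in group wireshark yet"
    fi
fi
```

A result of "exposed" means dumpcap is privileged and executable by users outside the wireshark group, which defeats the point of the group.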
user269334
Updated on September 18, 2022
Comments
-
user269334 over 1 year
I'm trying to use wireshark on a Debian machine, but when I run it with my non-root user account, it doesn't detect any network interface. I also tried running wireshark as root, but wireshark tells me this method is insecure.
I also read the FAQ and found "read the file on /usr/shared/wireshark-common/README.Debian file" - I did read that file, but I still don't know what I'm supposed to do.
-
user269334 over 12 years
Thanks for the details =) Also, I learnt that I should reboot before going 'Y U NOT WORKING'. Now it works brilliantly!!!
-
slhck over 12 years
That's perfect, glad I could help. Rebooting normally shouldn't be necessary, logging out and in should in most cases fix issues.
-
cdhowie over 11 years
This should really be the accepted answer; using dpkg-reconfigure wireshark is the right way to set up the wireshark group on Debian systems. Making dumpcap setuid (as in the accepted answer) is unnecessary, as the package scripts will set up the appropriate caps on the group.
-
Stuart Cardall over 8 years
I don't have enough points to add a comment, but to save having to log off to update group membership: su - $USER wireshark&
-
bryn over 7 years
@Stuart Better: Just type newgrp wireshark in your shell. If you are part of that group, the shell will pick up your new membership (on request).