How to run Wireshark for non root user on Linux Debian (Ubuntu 12.04)


Wireshark is a network packet analyzer that is widely used in the technical community to capture and analyze packets. Wireshark can capture most known packet protocols, and its development is still ongoing. In this post, I'm going to share how you can run Wireshark without root on your Debian Linux system.

In order for Wireshark to capture packets on Linux, we normally need to run it as root. This practice is not advisable because Wireshark captures raw packets from the network, which is untrusted input. Running it as root opens an opportunity for our system to be exploited: a successful exploit immediately gains control of the whole system, compromising it completely. For this reason we must be careful when running Wireshark. For further reading on this topic, see here.

To solve this problem, we need to know that Wireshark uses a program called "dumpcap" to capture live traffic. "dumpcap" is a network traffic dump tool that lets your machine capture packet data from a live network and write the packets to a file. "Dumpcap"'s default capture file format is pcap-ng. By making this program accessible to non-root users, we can solve this issue.

Since I don't use root to do my job, below is how I configure my machine to run Wireshark. In the example below 'shark_attack' is my username. Change it to your non-root username.

shark_attack@Positive-Space:~$ sudo chgrp shark_attack /usr/bin/dumpcap
shark_attack@Positive-Space:~$ sudo chmod 750 /usr/bin/dumpcap
shark_attack@Positive-Space:~$ sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
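As an added example (not from the original post), here is a POSIX shell script that verifies the three settings above on an existing dumpcap binary before you launch Wireshark: the group, the 750 mode, and that only cap_net_raw and cap_net_admin were granted. The path /usr/bin/dumpcap and the group name shark_attack are taken from the post and can be overridden via environment variables; the parser accepts both the older "path = caps+eip" and the newer "path caps=eip" getcap output formats.

```shell
#!/bin/sh
# Added example: check that dumpcap is restricted the way the post describes.
# DUMPCAP and WANT_GROUP default to the values used in the post (assumptions).
DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"
WANT_GROUP="${WANT_GROUP:-shark_attack}"

# caps_ok LINE: LINE is one line of `getcap` output, e.g.
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (newer libcap)
# Succeeds only if exactly cap_net_raw and cap_net_admin are granted with
# the effective/inheritable/permitted flags; any extra capability fails.
caps_ok() {
    caps=$(printf '%s\n' "$1" | sed -e 's/^[^ ]* *=* *//')   # drop the path
    case "$caps" in
        cap_net_admin,cap_net_raw+eip|cap_net_raw,cap_net_admin+eip|\
        cap_net_admin,cap_net_raw=eip|cap_net_raw,cap_net_admin=eip) return 0 ;;
    esac
    return 1
}

# mode_ok MODE GROUP: MODE is the octal mode from `stat -c %a`, GROUP the
# owning group from `stat -c %G`. The post uses 750 (owner rwx, group rx,
# nothing for others) so that users outside the group cannot run the
# capability-bearing binary.
mode_ok() {
    [ "$1" = "750" ] && [ "$2" = "$WANT_GROUP" ]
}

# check_dumpcap: run the real checks against $DUMPCAP (needs getcap from
# libcap2-bin and GNU stat). Returns 0 only if all checks pass.
check_dumpcap() {
    [ -e "$DUMPCAP" ] || { echo "no such file: $DUMPCAP"; return 1; }
    caps_ok "$(getcap "$DUMPCAP")" ||
        { echo "unexpected capabilities on $DUMPCAP"; return 1; }
    mode_ok "$(stat -c %a "$DUMPCAP")" "$(stat -c %G "$DUMPCAP")" ||
        { echo "wrong mode or group on $DUMPCAP"; return 1; }
    echo "$DUMPCAP is restricted to group $WANT_GROUP with raw-socket caps"
}

# Run the live check only when asked, e.g.: sh check_dumpcap.sh --check
if [ "${1:-}" = "--check" ]; then check_dumpcap; fi
```

Remember that your user must also be a member of the group (check with `id -nG`) and that you need to log in again after being added to it.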

After you have configured this, try to run Wireshark. This trick should work. There are also other solutions you can use; please check them out here.

That's it for now. Please subscribe to this page and drop a comment in the box below.
