Using Wireshark in Ubuntu

There are two aspects of using Wireshark in Ubuntu (or Debian for that matter): capturing packets and displaying packets. To display packets or view pcap files you don’t need to run Wireshark as root. You also don’t need to do anything extra other than installing it. However, to capture packets you need root privileges. If you don’t have root privileges or want to capture packets as your regular user then you need a few extra steps.

Install Wireshark: sudo apt-get install wireshark

Configure Wireshark to allow non-root users to capture packets: sudo dpkg-reconfigure wireshark-common

Add your user to the wireshark group to be able to capture packets: sudo usermod -a -G wireshark cguser

Logout and login again to finalize the addition to the group.

Now when you start Wireshark as a regular (non-root) user you’ll be able to capture and display packets.

Note: This was tested working in Ubuntu 14.04 LTS Trusty Tahr.

Comments are closed.

%d bloggers like this: