Using Wireshark in Ubuntu
June 3, 2014
There are two aspects of using Wireshark in Ubuntu (or Debian for that matter): capturing packets and displaying packets. To display packets or view pcap files you don’t need to run Wireshark as root. You also don’t need to do anything extra other than installing it. However, to capture packets you need root privileges. If you don’t have root privileges or want to capture packets as your regular user then you need a few extra steps.
sudo apt-get install wireshark
Configure Wireshark to allow non-root users to capture packets:
sudo dpkg-reconfigure wireshark-common
Add your user to the wireshark group to be able to capture packets:
sudo usermod -a -G wireshark cguser
Logout and login again to finalize the addition to the group.
Now when you start Wireshark as a regular (non-root) user you’ll be able to capture and display packets.
Note: This was tested working in Ubuntu 14.04 LTS Trusty Tahr.