Oct 272011

I knew Linux had capability bits, but I had never used them until a friend figured out a way to run wireshark as a normal user and still capture packets. For a Network Engineer, this is really handy. I think distributions should make this standard.

sudo groupadd wireshark
sudo usermod -a -G wireshark YOUR_USER_NAME
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo getcap /usr/bin/dumpcap

The shell snippet is really trimmed down. For more details, check out tavshed’s blog post.

 Posted by at 10:41

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>