Oct 272011

I knew Linux had capability bits, but I had never used them until a friend figured out a way to run wireshark as a normal user and still capture packets. For a Network Engineer, this is really handy. I think distributions should make this standard.

sudo groupadd wireshark
sudo usermod -a -G wireshark YOUR_USER_NAME
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo getcap /usr/bin/dumpcap

The shell snippet is really trimmed down. For more details, check out tavshed’s blog post.

 Posted by at 10:41