
Running Wireshark as non-root user on OpenSUSE

by john on April 8th, 2010

If you run Wireshark as root, you are opening yourself up to some serious security risks. It's best to run it as your regular user, but that's a heck of a lot more difficult than it sounds.

Here's the fix. I got the information from these sites:

http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

http://packetlife.net/blog/2010/mar/19/sniffing-wireshark-non-root-user/

NOTE: I installed the latest SVN release of Wireshark from source using './configure --prefix=/opt', make, make install so that it wouldn't interfere with my already installed version of Wireshark. I also made the following changes to the current install of dumpcap under /usr/bin.

Add 'file_caps=1' to your kernel options in /boot/grub/menu.lst
Reboot

# groupadd wireshark
# usermod -a -G wireshark jholbrook   # -a appends; -G on its own would replace the user's other supplementary groups
# chgrp wireshark /opt/bin/*
# chmod 750 /opt/bin/dumpcap
# setcap cap_net_raw,cap_net_admin=eip /opt/bin/dumpcap
# getcap /opt/bin/dumpcap
/opt/bin/dumpcap = cap_net_admin,cap_net_raw+eip

Then as a regular user I can now run Wireshark and see all my network interfaces.
$ /opt/bin/wireshark
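
As an added example (not part of the original post), here is a small shell function that checks the result of the steps above: dumpcap carries exactly the two capabilities, has no setuid bit or world access, and belongs to the wireshark group. The name audit_dumpcap and its messages are made up for this illustration; it accepts both the older "path = caps+eip" getcap output shown above and the "path caps=eip" form printed by newer libcap.

```shell
#!/bin/sh
# Added example, not from the original post. audit_dumpcap is a made-up name.
#
# audit_dumpcap GETCAP_LINE MODE GROUP
#   GETCAP_LINE  one line of `getcap` output ("" if the file has no caps)
#   MODE         octal mode as printed by `stat -c %a`
#   GROUP        owning group as printed by `stat -c %G`
# Prints one finding per line and returns 0 only when there are none.
audit_dumpcap() {
    line=$1 mode=$2 group=$3 rc=0

    if [ -z "$line" ]; then
        echo "no file capabilities set"; rc=1
    else
        # Older getcap prints "path = caps+eip", newer libcap "path caps=eip".
        spec=${line#* }              # drop the path (assumes no spaces in it)
        spec=${spec#= }              # drop the old-style separator
        caps=${spec%%[+=]*}          # text before the first + or =
        flags=${spec##*[+=]}         # text after the last + or =
        # Compare order-independently: the names may be listed either way.
        sorted=$(printf '%s\n' "$caps" | tr ',' '\n' | sort | tr '\n' ',')
        if [ "$sorted" != "cap_net_admin,cap_net_raw," ]; then
            echo "unexpected capability set: $caps"; rc=1
        fi
        if [ "$flags" != eip ]; then
            echo "unexpected capability flags: $flags"; rc=1
        fi
    fi

    special=${mode%???}              # leading digit of a 4-digit mode, if any
    if [ -n "$special" ] && [ "$special" != 0 ]; then
        echo "setuid/setgid/sticky bit set (mode $mode)"; rc=1
    fi
    case $mode in
        *[!0]) echo "mode $mode grants access outside owner and group"; rc=1 ;;
    esac
    if [ "$group" != wireshark ]; then
        echo "group is $group, expected wireshark"; rc=1
    fi
    return $rc
}

# Run against a real file only when a path is given on the command line.
if [ $# -gt 0 ]; then
    audit_dumpcap "$(getcap "$1")" "$(stat -c %a "$1")" "$(stat -c %G "$1")"
fi
```

Saved to a file (any name) and run with /opt/bin/dumpcap as its argument, it prints nothing and exits 0 when the setup matches the steps above.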
