How to Run Wireshark Without Root

Step 0: Enter root


Step 1: Install Wireshark

(your package manager here) wireshark

Step 2: Create a wireshark group

groupadd wireshark

Step 3: Add your username to the wireshark group

usermod -a -G wireshark (your username here)

Step 4: Change the group ownership of the file dumpcap to wireshark

chgrp wireshark /usr/bin/dumpcap

Step 5: Change the mode of the file dumpcap to allow execution by the group wireshark

chmod 750 /usr/bin/dumpcap

Step 6: Grant capabilities with setcap

setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Step 7: Reboot the computer


Back to the front page