My apologies for the rather extensive delay. Other things came up, and
it took me longer than I thought it would to figure out what was going
on.

Short answer: running "sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip
CAP_DAC_OVERRIDE+eip' /usr/bin/dumpcap" should grant you the ability to
capture USB packets as non-root (as long as you're in the wireshark
group, of course). This is a *workaround*, and is not-nice from a
security perspective (although it's still better than running the whole
of wireshark as root). More details are below the cut.

---

Running dpkg-reconfigure as you did simply automates the steps listed at
[1] and [2]. This uses the Linux capabilities subsystem [3] to grant the
dumpcap program (the part of wireshark that actually does the capturing)
the NET_RAW and NET_ADMIN capabilities so it can capture on network
interfaces without full root privileges.

The USB capture component of dumpcap uses a different interface from the
network capture, as the kernel exposes the two types of devices in
different ways. The USB devices are exposed via the /dev/usbmonXXX
device files, which are read/writable by root only. Setting the NET_*
capabilities has no effect on dumpcap's ability to access those files.

Unfortunately, the only capability I've found that does grant dumpcap
the ability to access those files is the DAC_OVERRIDE capability (DAC
stands for Discretionary Access Control). With this capability, dumpcap
can read/write to ANY file on the filesystem regardless of that file's
permissions or owner. This means it can access the USB device files, but
it also means it gets access to all the other dangerous files on the
filesystem.

The optimal solution would be for Linux to provide more fine-grained
capabilities so that it is possible to grant dumpcap USB access without
all of the other dangerous stuff that comes with it. For now, it's
understandable why Wireshark doesn't want to open up that security hole
by default.

If anything is unclear, please don't hesitate to ask.

Evan

[1] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges#Setting_network_privileges_for_dumpcap
[2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges#Limiting_capture_permission_to_only_one_group
[3] http://linux.die.net/man/7/capabilities
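
Added example (not part of the original message, and not Wireshark or Ubuntu code): because the workaround above leaves CAP_DAC_OVERRIDE on dumpcap, this shell function filters `getcap` output for binaries that carry that capability in their permitted or effective set, so the grant can be tracked and reviewed. The function name, the sample lines and every path other than /usr/bin/dumpcap are constructed, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Read getcap-style lines on stdin and print the path of every file that holds
# cap_dac_override in its permitted (p) or effective (e) set.
# Both getcap output styles are accepted:
#   older libcap:  /path = cap_a,cap_b+eip
#   newer libcap:  /path cap_a,cap_b=eip
# Assumption: paths contain no spaces. Clauses that mix operators (for example
# "+i-ep") are not interpreted and may be over-reported.
flag_dac_override() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        path=${line%% *}              # first field is the file path
        rest=${line#* }               # everything after it is capability text
        rest=${rest#= }               # drop the leading "= " older libcap prints
        for clause in $rest; do
            names=${clause%%[+=-]*}   # capability list before the first operator
            flags=${clause#"$names"}  # operator plus flag letters, e.g. "+eip"
            case ",$names," in
                # named explicitly, or an empty/"all" list meaning every capability
                *,cap_dac_override,*|,,|,all,) ;;
                *) continue ;;
            esac
            case "$flags" in
                # inheritable-only (+i) is not reported
                [+=]*[ep]*) printf '%s\n' "$path"; break ;;
            esac
        done
    done
}

# Constructed sample input (not captured from a real system).
SAMPLE='/usr/bin/dumpcap = cap_dac_override,cap_net_admin,cap_net_raw+eip
/usr/bin/ping cap_net_raw=ep
/usr/bin/tool-a cap_net_raw=ep cap_dac_override+i
/usr/bin/tool-b =ep'

printf '%s\n' "$SAMPLE" | flag_dac_override

# On a live system, feed it real data instead:
#   getcap -r /usr/bin 2>/dev/null | flag_dac_override
```
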

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/893828

Title:
  Granting Wireshark capture privileges does not allow USB capture
