Copying README.Debian [0] here: Capturing packets with Wireshark/Tshark There are two ways of installing Wireshark/Tshark on Debian:
I. Installing dumpcap with SETUID bit set Members of group wireshark will be able to capture packets on network interfaces. This is the preferred way of installation if Wireshark/Tshark will be used for capturing and displaying packets at the same time, since that way only the dumpcap process has to be run with root privileges thanks to the privilege separation[1]. Note that no user will be added to group wireshark automatically, the system administrator has to add them manually. II. Installing dumpcap without SETUID bit set Only root user will be able to capture packets. It is advised to capture packets with the bundled dumpcap program as root and then run Wireshark/Tshark as an ordinary user to analyze the captured logs. [2] The installation method can be changed anytime by running: dpkg-reconfigure wireshark-common [1] http://wiki.wireshark.org/Development/PrivilegeSeparation [2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges [0] http://svn.debian.org/wsvn/collab-maint/ext- maint/wireshark/trunk/debian/README.Debian -- cannot perform packet captures as a regular user https://bugs.launchpad.net/bugs/483106 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs -- universe-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/universe-bugs
