How do I run Wireshark with root privileges?

1

For WireShark there's a better way. The bit that normally needs root is the packet collection application and this can be configured to allow certain people to use it without sudo, gksu, etc.

In a terminal (very important that you're in a terminal, not just the Alt+F2 dialogue) run this:

sudo dpkg-reconfigure wireshark-common

This will ask you if you want to allow non-root users to be able to sniff. That's what we're aiming for, so select Yes and hit return.

This adds a wireshark group. Anybody in that group will be able to sniff without being root. This is obviously more secure than just letting anybody sniff but does mean there's no password checking. Technically any person with access to a computer logged in with a wireshark account will be able to sniff. If that's acceptable to you, carry on.

If not, run that again and select no.

Then you just need to add the user to that group. Run this:

sudo adduser $USER wireshark

And restart...

2

As part of my journey with Node.js I decided I wanted to see exactly what was happening on the wire. I decided to use Burp Suite as the HTTP proxy interceptor and Wireshark as the network sniffer (not an interceptor). Wireshark can’t alter the traffic, and it can’t decrypt SSL traffic unless the encryption key can be provided and Wireshark is compiled against GnuTLS.

This post is targeted at getting Wireshark running on Linux. If you’re a windows user, you can check out the Windows notes here.

When you first install Wireshark and try to start capturing packets, you will probably notice the error “You didn’t specify an interface on which to capture packets.”

When you try to specify an interface from which to capture, you will probably notice the error “There are no interfaces on which a capture can be done.”

You can try running Wireshark as root: gksudo wireshark

This will work, but of course it’s not a good idea to run a comprehensive tool...

3

You need to run Wireshark or TShark on an account with sufficient privileges to capture, or need to give the account on which you're running Wireshark or TShark sufficient privileges to capture. The way this is done differs from operating system to operating system.

To be secure (at least in a way), it is recommended that even an administrator should always run in an account with (limited) user privileges, and only start processes that really need the administrator privileges. The Security page provides explanations why this is a good idea.

Virtual machine

If you are running inside a virtual machine, make sure the host allows you to put the interface into promiscuous mode.

Windows

The WinPcap driver (called NPF) is loaded by Wireshark when it starts to capture live data. This requires administrator privileges. Once the driver is loaded, every local user can capture from it until it's stopped again.

Note: Simply stopping Wireshark won't...

4

This article focuses on Linux and some UNIXes. For Windows users, there is some good info in the Wireshark wiki.

Many network engineers become dismayed the first time they run Wireshark on a Linux machine and find that they don't have access to any network interfaces. This is because, by default, raw access to network interfaces (e.g. eth0) requires root privileges. Unfortunately, this often prompts people to simply run Wireshark as root - a bad idea. As an older Gentoo Linux ebuild of Wireshark warns:

WIRESHARK CONTAINS OVER ONE POINT FIVE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.

Indeed, due to the complexity and sheer number of its many protocol dissectors, Wireshark is inherently vulnerable to malformed traffic (accidental or otherwise), which may result in denial of service conditions or possibly arbitrary code execution. But if we shouldn't run Wireshark with root privileges, how are we to capture packets?

The lead developer of...

5

Hello,

You can install wireshark but if you installed Ubuntu server, you shouldn’t even use the GUI.

Instead do the following:
sudo apt-get install tshark

Then check if it’s installed:
tshark -v

Then use the following to capture your network traffic:
Dump and analyze network traffic

Here is a link to my blog which will show you how to set up Wireshark with a GUI if you prefer [Lubuntu 15.10 Install]:
How to install Wireshark

To analyze the captured packets, you could use SFTP or SSH to transfer the .pcap files to a workstation with the GUI Wireshark.

If you are using Ubuntu Server, you would want to leave it without GUI.

My Experience: I’ve installed Ubuntu Server and used Tshark on Windows, CentOS, Ubuntu, Lubuntu

With the GUI version “Wireshark”, if you were to run a major packet capture in a series back to back, the GUI crashes, whereas the terminal/command prompt version will not crash during a huge process like...

6

Installing the Wireshark packages does not automatically give non-root users the right to capture packets.

You need root privileges to capture traffic with Wireshark (or dumpcap, for that matter). According to the manual you mentioned, it should be possible to add your user to the wireshark group though:

usermod -a -G wireshark your-user-name

Don't know if that alone will work though. Here's also a guide from Wireshark Blog that explains it a bit more:

sudo -s
groupadd wireshark
usermod -a -G wireshark your-user-name
chgrp wireshark /usr/bin/dumpcap
chmod 4750 /usr/bin/dumpcap

That being said, you can safely run Wireshark to inspect, edit or filter packet dumps without root...

7

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.

Wireshark is cross-platform, using the GTK+ widget toolkit in current releases, and Qt in the development version, to implement its user interface, and using pcap to capture packets; it runs on GNU/Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.

Wireshark allows the user to put network interface controllers that support promiscuous mode into that mode, in order to see all traffic visible on that interface, not just traffic addressed to one of the...

8

You don’t need to have root privileges to capture network packets in wireshark.

You just need to add the usernames to which you want to give capture privileges to the wireshark group, like below:

$ sudo adduser john wireshark

Users in the wireshark group can run the wireshark utility without gksu or similar tools to get root privileges. This scenario works with the help of the Linux capabilities API. If the currently running kernel doesn’t have capabilities support at the time of package installation, the installer falls back to setting the set-user-id bit to allow non-root users to capture packets.

See the man page of the Linux capabilities API.

After that you have to reconfigure the wireshark-common package and answer Yes to the question “Should non-superusers be able to capture packets?”

$ sudo dpkg-reconfigure wireshark-common

Please note that group changes take effect after logging out from the current X session and login...
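The guide quoted in result 6 (chgrp wireshark + chmod 4750 on dumpcap) and the explanation in result 8 (file capabilities, with a setuid fallback) describe two different ways the capture helper can be privileged. The following POSIX shell script is an added example, not code from any of the posts above: it inspects dumpcap and reports which model is in place and whether the current user is actually in the owning group, so you can verify a setup without ever running Wireshark as root. It assumes dumpcap lives at /usr/bin/dumpcap (override with the DUMPCAP environment variable), GNU coreutils stat, and getcap from libcap if file capabilities are to be detected.

```shell
#!/bin/sh
# Added example: audit how dumpcap has been privileged instead of running Wireshark as root.
# Assumptions (not taken from the posts above): dumpcap at /usr/bin/dumpcap,
# GNU stat, and getcap available when file capabilities are in use.

DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}

# Classify a capture binary by its mode bits and file capabilities.
# Prints one of: setuid-group-restricted | setuid-world | plain, with "+caps"
# appended when cap_net_* file capabilities are set on it.
classify_capture_binary() {
  path=$1
  mode=$(stat -c '%a' "$path")               # e.g. 4750 when setuid, 755 otherwise
  other=$(printf '%s' "$mode" | tail -c 1)   # permission digit for "other" users
  case "$mode" in
    4???|6???)                               # setuid bit set (optionally with setgid)
      if [ "$other" = "0" ]; then kind=setuid-group-restricted
      else kind=setuid-world; fi ;;
    *) kind=plain ;;
  esac
  if command -v getcap >/dev/null 2>&1 && getcap "$path" 2>/dev/null | grep -q 'cap_net'; then
    kind="$kind+caps"
  fi
  printf '%s\n' "$kind"
}

# Return 0 if the current user is a member of the group that owns $1.
user_in_owner_group() {
  grp=$(stat -c '%G' "$1")
  id -nG | tr ' ' '\n' | grep -qx "$grp"
}

# Human-readable report for the configured dumpcap path.
report_dumpcap() {
  if [ ! -e "$DUMPCAP" ]; then
    echo "dumpcap not found at $DUMPCAP"
    return 1
  fi
  echo "dumpcap: mode $(stat -c '%a' "$DUMPCAP"), owner $(stat -c '%U:%G' "$DUMPCAP")"
  model=$(classify_capture_binary "$DUMPCAP")
  case "$model" in
    setuid-world*) echo "WARNING ($model): setuid dumpcap is executable by everyone, so every local user can capture" ;;
    plain)         echo "dumpcap is unprivileged ($model): only root can capture; fix this via dpkg-reconfigure, not by running Wireshark as root" ;;
    *)             echo "privilege model: $model (capture restricted to group $(stat -c '%G' "$DUMPCAP"))" ;;
  esac
  if user_in_owner_group "$DUMPCAP"; then
    echo "current user is in group $(stat -c '%G' "$DUMPCAP"): capture should work without sudo"
  else
    echo "current user is NOT in group $(stat -c '%G' "$DUMPCAP"): add the user to it and log in again"
  fi
}

# Only print the report when dumpcap exists, so the functions can also be sourced elsewhere.
if [ -e "$DUMPCAP" ]; then report_dumpcap; fi
```

On a Debian or Ubuntu system configured through dpkg-reconfigure the expected output is a root:wireshark dumpcap classified as setuid-group-restricted (older, setuid fallback) or plain+caps (capabilities), followed by the group membership line; a setuid-world result means the chmod step from the guide above was skipped.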

9

A standard installation of Wireshark doesn't give the program permission to access the network interface.

I suppose I have to run the program with sudo, but do not know how to add it to the icon - if that's the way to do it.

For WireShark there's a better way. The bit that normally needs root is the packet collection application and this can be configured to allow certain people to use it without sudo, gksu, etc.

In a terminal (very important that you're in a terminal, not just the Alt+F2 dialogue) run this:

sudo dpkg-reconfigure wireshark-common

This will ask you if you want to allow non-root users to be able to sniff. That's what we're aiming for, so select Yes and hit return.

This adds a wireshark group. Anybody in that group will be able to sniff without being root. This is obviously more secure than just letting anybody sniff but does mean there's no password checking. Technically any person with access to a computer logged in with a...

10

Network Analysis With Wireshark On Ubuntu 9.10

Version 1.0
Author: Falko Timme

Wireshark is a network protocol analyzer (or "packet sniffer") that can be used for network analysis, troubleshooting, software development, education, etc. This guide shows how to install and use it on an Ubuntu 9.10 desktop to analyze the traffic on the local network card.

This document comes without warranty of any kind! I do not issue any guarantee that this will work for you!

1 Installing Wireshark

Go to Applications > Ubuntu Software Center...

... and search for wireshark:

Mark the Wireshark package and click on the arrow on the right:

On the next screen, click the Install button:

Type in your password:

Wireshark is now being downloaded and installed:

You can close the Ubuntu Software Center window afterwards:

2...

11
I have installed wireshark from the software center. When I run it, I have no capture options because I'm not root. When I run it as root, wireshark warns me

Code:

Running as user "root" and group "root". This could be dangerous. If you're running Wireshark this way in order to perform live capture, you may want to be aware that there is a better way documented at /usr/share/doc/wireshark-common/README.Debian

I read the README file and either the documentation is obtuse or I am. Here's what that file says:

Code:

Members of the wireshark group will be able to capture packets on network interfaces. This is the preferred way of installation if Wireshark/Tshark will be used for capturing and displaying packets at the same time, since that way only the dumpcap process has to be run with elevated privileges thanks to the privilege separation[1]. Note that no user will be added to group wireshark automatically, the system administrator has to add them...
12
...
13

$ zbwireshark -c 23
Warning: You are using pyUSB 1.x, support is in beta.
Traceback (most recent call last):
  File "/usr/local/bin/zbwireshark", line 4, in <module>
    __import__('pkg_resources').run_script('killerbee==2.6.0', 'zbwireshark')
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script
    exec(script_code, namespace, namespace)
  File "/usr/local/lib/python2.7/dist-packages/killerbee-2.6.0-py2.7-linux-x86_64.egg/EGG-INFO/scripts/zbwireshark", line 104, in <module>
  File "/usr/local/lib/python2.7/dist-packages/killerbee-2.6.0-py2.7-linux-x86_64.egg/EGG-INFO/scripts/zbwireshark", line 59, in main
  File "build/bdist.linux-x86_64/egg/killerbee/__init__.py", line 111, in __init__
  File "build/bdist.linux-x86_64/egg/killerbee/dev_rzusbstick.py", line 127, in __init__
  File...

14

I often need to capture BACnet network traffic using Wireshark while I am running Ubuntu Linux. I’ve always had to run Wireshark as root (usually via gksu or kdesu) in order to capture from any interfaces (i.e. eth0, wlan0). For a while, there was an additional Wireshark menu item that included the “run as root” option. However, running an application “as root” has some downsides (like being insecure), and in the latest release of Ubuntu, there is no menu item to run “as root”. The downside of running as root for me was that the capture files saved by default into the /root directory, and were saved with root group and owner permissions.

Today, after launching the menu and seeing no interfaces (again), I decided to search the Internet and find a better way, and found two things of note. The first method, which I found posted on Ubuntu Forums, is the manual way of configuring Wireshark to run as a normal user (with admin group privileges) by configuring only dumpcap to have the...

15

The internet is inherently insecure. Whenever you send data across it, there is a chance that that data could be sniffed, and someone could end up with your personal data. Hopefully once you've read this article, you'll have a better understanding of how to prevent this from happening.

When data travels through the internet, it needs to pass through multiple connections to get to its final destination. Most people don't realise that the data can be read by any machine it passes through on this journey.

With the right tools, you can sniff this data yourself, and any data that passes through your network. This is because most networks actually send data intended for anyone on that network to all machines on your network, and your computer will ignore anything that's not meant for it. This is especially true for most wireless networks, even networks that are 'secured' with WEP/WPA.

Ooh, what's that smell?

Let's try sniffing some of the data on your...

16

Security Auditing Tools

One thing is certain about security auditing tools: The power and sophistication of tools that auditors have at their disposal increase exponentially every year. Not only are the authors of these tools truly brilliant individuals (and some scary ones, too), they have also helped the security community significantly through the automation of advanced testing techniques.

If you attend Blackhat, DefCon, or other security conferences, you can see the latest and greatest additions to this growing list of powerful applications. Fyodor, the author of NMAP, has conducted a yearly survey of the members of his mailing list (over 4,000 high-energy security professionals) to rank the top 100 security tools. This list includes a number of the tools discussed in this section. There are many books written from the security tool perspective, with in-depth discussions of the various uses, switches, and techniques to implement these programs. Consider this an...

17

Kali Linux uses the root user, since root privileges are needed to run various security tools like nmap and Wireshark. However, it's tedious to type the root/toor combination every time Kali boots. So to make things simple, just make the root user log in automatically at system start.

And here are the simple steps to do it. Open and edit the file /etc/gdm3/daemon.conf:

root@kali:~# leafpad /etc/gdm3/daemon.conf

In the [daemon] section, uncomment the two lines for automatic login. It should finally look like this:

[daemon]
# Enabling automatic login
AutomaticLoginEnable = true
AutomaticLogin = root

Done. Now reboot and enjoy. You don't need to type the username/password again and...

18

Raw sockets allow a program or application to provide custom headers for a specific protocol (TCP/IP) which are otherwise provided by the kernel/OS network stack. In simpler terms, they are for adding custom headers instead of the headers provided by the underlying operating system.

Raw socket support is available natively in the socket API in Linux. This is different from Windows, where it is absent (it became available in Windows 2000/XP/XP SP1 but was removed later). Although raw sockets don't find much use in common networking applications, they are used widely in applications related to network security.

In this article we are going to create raw TCP/IP packets. For this we need to know how to build proper IP and TCP headers. A packet = IP header + TCP header + data.

So lets have a look at the structures.

IP header

According to RFC 791

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 ...
19

More people than ever are using wireless networks as their primary networking medium. Great programs are available under X11 that give users a graphical interface to their wireless cards. Both GNOME and KDE include network management utilities, and a desktop-environment-agnostic utility called wicd also offers great functionality. But, what if you aren't running X11 and want to manage your wireless card? I don't cover how to install and activate your card here (for that, take a look at projects like madwifi or ndiswrapper). I assume your card is installed and configured properly, and that it is called wlan0. Most of the utilities mentioned below need to talk directly to your wireless card (or at least the card driver), so they need to be run with root privileges (just remember to use sudo).

The first step is to see what wireless networks are available in your area. A utility called iwlist provides all sorts of information about your wireless environment. To scan your...
