Install Wireshark on Linux and Allow non-root User to Capture Packets

In this tutorial, I’m going to show you how to install wireshark on Archlinux, Debian/Ubuntu, Fedora. By default, only root can capture packets and I will explain how to let non-root users to be able to capture packets.

Installation

Archlinux

sudo pacman -S wireshark-gtk

or

sudo pacman -S wireshark-qt

Debian/Ubuntu

sudo apt-get install wireshark

During the installation process, it will let you know that by default non-root users are not allowed to capture packet. Hit Enter.

Install Wireshark on Linux

Next, it will ask you Should non-superusers be able to capture packets? Press the left arrow key on your keyboard to select <Yes> and hit Enter.

Install Wireshark on Linux

Elementary OS

sudo apt-get install wireshark

Fedora

sudo dnf install wireshark-gnome

Start Capturing Packet

A new group named wireshark will be created when installing wireshark. You can verify this by looking at the end of /etc/group file.

tail /etc/group

Note that when installing wireshark on elementray OS, there is no wireshark group, you have to run sudo dpkg-reconfigure wireshark-common command to create wireshark group and allow wireshark group members to be able to capture packets.

Running Wireshark as root is insecure. To run wireshark as normal user you have to add yourself into wireshark group.

sudo gpasswd -a <username> wireshark

Wireshark will be the user’s secondary group. To temporily set wireshark as the user’s primary group, run the following command:

newgrp wireshark

Now start the wireshark program from the terminal:

Archlinux:      wireshark-gtk  or  wireshark-qt
Debian/Ubuntu:  wireshark
Fedora:         wireshark
Elementary OS:  wireshark

If you want to start wireshark in application menu, you have to log out of the current session and log back in.

In the wireshark graphical interface, choose an interface to capture from. In my case I chose the wireless interface wlp3s0. Then click the green shark fin icon to start capturing packets.

Install Wireshark on Linux

Rate this tutorial
[Total: 14 Average: 3.7]

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here