Dotan Cohen wrote:
Despite warnings about running Wireshark as root, on my Ubuntu 9.10
system the app sees no network interfaces unless I run it as root. Is
this normal? I've googled for "Ubuntu wireshark" and it does seem that
self-styled journalists (blogs) recommend running as root, but I do
not trust them for best practices.
On most OS[1] you need "root" (or similar) privileges in order to open
the network device in a manner that allows you to capture packets.
Running Wireshark (the GUI) as root is strongly discouraged: since 1.0
Wireshark has had a separate utility (dumpcap) that contains all the
packet capture code: only that utility needs to run as root, allowing
you to run the multiple million lines of code in the bulk of Wireshark
as a normal user.
[1] BSD derived systems allow you to change the permissions of the
devices in such a manner that non-root users can capture on them.
See: http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
for more info.