Wireshark-users: Re: [Wireshark-users] Wireshark needs root privileges?

From: Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx>
Date: Thu, 3 Jun 2010 18:13:49 +0200
On Thu, Jun 03, 2010 at 11:50:54AM -0400, Jeff Morriss wrote:
> Dotan Cohen wrote:
> > Despite warnings about running Wireshark as root, on my Ubuntu 9.10
> > system the app sees no network interfaces unless I run it as root. Is
> > this normal? I've googled for "Ubuntu wireshark" and it does seem that
> > self-styled journalists (blogs) recommend running as root, but I do
> > not trust them for best practices.
> 
> On most OS[1] you need "root" (or similar) privileges in order to open 
> the network device in a manner that allows you to capture packets. 
> Running Wireshark (the GUI) as root is strongly discouraged: since 1.0 
> Wireshark has had a separate utility (dumpcap) that contains all the 
> packet capture code: only that utility needs to run as root, allowing 
> you to run the multiple million lines of code in the bulk of Wireshark 
> as a normal user.

What about dropping root privilages after invoking dumpcap?