I use Wireshark in my demonstrations for the CIS-430 Networking and Distributed Systems class. I always enjoy the reaction of students when I sniff their FTP passwords off the air. To be able to gather packets in promiscuous mode, however, requires some authorization changes. Here is how I did it the last time I did it. I followed Dickson's instructions here. They are for 13.10 but also work in 14.10.

The first order of business is to create a group for Wireshark to use and add ourselves to the group.

sudo groupadd wireshark

sudo usermod -a -G wireshark <USER_NAME>

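Next, let us permit Wireshark to use dumpcap: hand the binary to the wireshark group, remove access for everyone else, and grant it the two capture capabilities so that it does not need to run as root.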


sudo chgrp wireshark /usr/bin/dumpcap

sudo chmod 750 /usr/bin/dumpcap

sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Just log out and back in and it should work!
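To confirm the setup took effect, here is an added audit script (not part of the original post or of Dickson's instructions) that checks the three things the commands above change: group ownership, mode 750, and the file capabilities. It assumes GNU `stat` and libcap's `getcap`; the function names are made up for this example.

```bash
# Added example: audit the dumpcap setup from the steps above.
# Assumes GNU stat and libcap's getcap; function names are illustrative.

# check_file FILE GROUP: FILE must be group-owned by GROUP, with no access for "other".
check_file() {
    [ -e "$1" ] || { echo "MISSING: $1"; return 2; }
    rc=0
    grp=$(stat -c '%G' "$1")
    mode=$(stat -c '%a' "$1")
    if [ "$grp" != "$2" ]; then
        echo "FAIL: group is '$grp', expected '$2'"; rc=1
    fi
    # chmod 750 leaves the last octal digit (the "other" bits) at 0.
    case "$mode" in
        *0) ;;
        *) echo "FAIL: mode $mode lets users outside the group run it"; rc=1 ;;
    esac
    return $rc
}

# has_capture_caps GETCAP_OUTPUT: both capabilities present with the e, i and p flags.
# Accepts the older ("= cap_a,cap_b+eip") and newer ("cap_a,cap_b=eip") output formats.
has_capture_caps() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *[+=]eip) return 0 ;; *) return 1 ;; esac
}

# audit_dumpcap [FILE] [GROUP]: run every check against the paths used above.
audit_dumpcap() {
    bin=${1:-/usr/bin/dumpcap}
    group=${2:-wireshark}
    check_file "$bin" "$group" || return 1
    has_capture_caps "$(getcap "$bin" 2>/dev/null)" ||
        { echo "FAIL: cap_net_raw,cap_net_admin=eip not set on $bin"; return 1; }
    # "id -nG" without a user name lists the groups of the current session;
    # a group added with usermod shows up only after logging out and back in.
    case " $(id -nG) " in
        *" $group "*) echo "OK: this session is in group $group" ;;
        *) echo "FAIL: this session is not in group $group"; return 1 ;;
    esac
}
```

Source the file and run `audit_dumpcap`; a failure on the last check right after `usermod` only means the current login session predates the group change.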
