I use Wireshark in my demonstrations for the CIS-430 Networking and Distributed Systems class. I always enjoy the reaction of students when I sniff their FTP passwords off the air. Gathering packets in promiscuous mode, however, requires some authorization changes. Here is how I did it the last time. I followed Dickson’s instructions here. They are for 13.10 but also work in 14.10.
The first order of business is to create a group for Wireshark to use and add ourselves to the group.
sudo groupadd wireshark
sudo usermod -a -G wireshark <USER_NAME>
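Next, let us permit Wireshark to use dumpcap: hand the binary to the wireshark group, restrict it so that only its owner and that group can run it, and grant it the two capabilities it needs to capture packets.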
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
Just log out and back in and it should work!
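To confirm the steps above took effect, here is an added check (not part of the original post or of Dickson's instructions) that verifies dumpcap's group, mode and file capabilities, and that the current login session actually carries the wireshark group. The function names and the --audit argument are made up for this example; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit the dumpcap setup described in this post.
DUMPCAP=/usr/bin/dumpcap   # path used in the post
GROUP=wireshark            # group created in the post

# caps_ok TEXT: succeed if getcap output grants cap_net_raw and cap_net_admin
# with the e, i and p flags. Accepts "file caps=eip" and the older
# "file = caps+eip". Assumes one clause covers both capabilities, which is
# what the setcap command in the post produces.
caps_ok() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *[=+]eip) return 0 ;; *) return 1 ;; esac
}

# mode_ok MODE: succeed if the octal mode gives "other" no access (post: 750),
# so only the owner and the wireshark group can run the privileged binary.
mode_ok() {
    case "$1" in *0) return 0 ;; *) return 1 ;; esac
}

# has_group "LIST" NAME: succeed if NAME is a whole word in the group list.
has_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

audit_dumpcap() {
    rc=0
    [ "$(stat -c %G "$DUMPCAP")" = "$GROUP" ] ||
        { echo "FAIL: group owner of $DUMPCAP is not $GROUP"; rc=1; }
    mode_ok "$(stat -c %a "$DUMPCAP")" ||
        { echo "FAIL: users outside $GROUP can access $DUMPCAP"; rc=1; }
    caps_ok "$(getcap "$DUMPCAP")" ||
        { echo "FAIL: cap_net_raw,cap_net_admin=eip not set"; rc=1; }
    # "id -Gn" with no user shows this session's groups, which only change
    # after logging out and back in; "id -Gn USER" would read the database.
    has_group "$(id -Gn)" "$GROUP" ||
        { echo "FAIL: this session lacks group $GROUP (log in again)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: dumpcap setup matches the steps above"
    return "$rc"
}

# Run the audit only when asked, e.g.: sh check_dumpcap.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_dumpcap; fi
```

If the session check is the only failure, the group was added to the account but the current login predates it, which is why the last step is to log out and back in.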