Setting network privileges for dumpcap
1. Ensure your Linux kernel and filesystem support file capabilities and that you have installed the necessary tools.
2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
3. Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture.
Limiting capture permission to only one group
1. Create user "wireshark" in group "wireshark".
2. "chgrp wireshark /usr/bin/dumpcap"
3. "chmod 754 /usr/bin/dumpcap"
4. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
5. Ensure Wireshark works only from root and from a user in the "wireshark" group.
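To check the result of the steps above, the following added example (not part of the original page) audits dumpcap's capabilities, group and mode. The function names are made up for illustration, and it assumes GNU stat and libcap's getcap are installed.

```sh
#!/bin/sh
# Added example: audit the dumpcap setup produced by the steps above.
# Assumptions: GNU stat, libcap getcap, capture group named "wireshark".

# check_dumpcap_state GETCAP_LINE GROUP MODE
# Works on already-collected values so it can be exercised offline.
# Prints one line per problem; returns 0 if the state matches, 1 otherwise.
check_dumpcap_state() {
    caps=$1 group=$2 mode=$3 rc=0
    # Older libcap prints "file = cap_net_admin,cap_net_raw+eip",
    # newer libcap prints "file cap_net_admin,cap_net_raw=eip"; accept both.
    for cap in cap_net_raw cap_net_admin; do
        case $caps in
            *"$cap"*) ;;
            *) echo "missing capability: $cap"; rc=1 ;;
        esac
    done
    case $caps in
        *[+=]eip*) ;;
        *) echo "capability flags are not eip"; rc=1 ;;
    esac
    [ "$group" = "wireshark" ] || { echo "group is $group, expected wireshark"; rc=1; }
    # Take the last two octal digits as strings (avoids octal parsing surprises).
    others=${mode#"${mode%?}"}
    rest=${mode%?}
    grp=${rest#"${rest%?}"}
    grp=${grp:-0}
    # With file capabilities set, anyone who can execute dumpcap can capture.
    [ $(( others & 1 )) -eq 0 ] || { echo "world-executable: any user can capture"; rc=1; }
    [ $(( grp & 1 )) -eq 1 ] || { echo "group cannot execute dumpcap"; rc=1; }
    return $rc
}

# audit_dumpcap [PATH]: collect the live values and check them.
# Source builds usually install to /usr/local/bin/dumpcap.
audit_dumpcap() {
    bin=${1:-/usr/bin/dumpcap}
    [ -e "$bin" ] || { echo "$bin not found"; return 2; }
    check_dumpcap_state "$(getcap "$bin")" "$(stat -c %G "$bin")" "$(stat -c %a "$bin")"
}
```

Source the file and run audit_dumpcap, passing /usr/local/bin/dumpcap for a source build; no output and exit status 0 mean the setup matches the procedure.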
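Note: if you compiled and installed Wireshark from source yourself, dumpcap is usually installed at /usr/local/bin/dumpcap by default, so you need to specify the correct path.
For other systems, see the following link: http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
This link is displayed the first time you run Wireshark as root to capture packets; I suspect most people don't pay attention to the message.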