I'm trying to capture data transferred across a USB connection to reverse-engineer the protocol used. I'm using Wireshark to do this, which explicitly warns against running as root. So far, I've installed Wireshark and run the following commands:
sudo dpkg-reconfigure wireshark-common
to allow members of the wireshark group (me) to access network interfaces
sudo chmod +x /usr/bin/dumpcap
not sure what that does, but I think dumpcap was previously only executable by root.
sudo usermod -aG wireshark (me)
to add me to the wireshark group
This allows me to sniff network interfaces without running as root, but I still can't see the USB interfaces.
Running
gksudo wireshark
runs Wireshark as root and I can see USB interfaces then.
Is there a step I've missed to make USB sniffing possible for non-root users? I don't mind having to run wireshark as root for now, but it seems like I may as well set it up properly.
Best Answer
I solved it... running
sudo setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_DAC_OVERRIDE+eip /usr/bin/dumpcap
adds the CAP_DAC_OVERRIDE property to the dumpcap program. This allows it to bypass the usual restriction checks for reading and writing to interface devices (if I understand it correctly).
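An added example, not part of the original answer: CAP_DAC_OVERRIDE exempts dumpcap from file read/write permission checks in general, while USB capture itself only needs read access to the usbmon device nodes. The script below classifies a setup from a `getcap` output line and a node's mode and group; the helper names, the sample lines, the user name and the udev rule in the comment are assumptions.

```shell
#!/bin/sh
# Added example: classify how a non-root user gets USB capture access.
# Helper names and sample lines are constructed for illustration.

# has_cap "<getcap output line>" <capability>
# Matches both getcap formats: "path = caps+eip" and "path caps=eip".
has_cap() {
    printf '%s\n' "$1" | grep -Eqi "(^|[ ,])$2([,+=]|\$)"
}

# node_readable <octal mode> <group owner> "<user's group names>"
# True when plain file permissions (group or other read bit) allow reading.
# The owner bits are ignored: usbmon nodes are assumed to be owned by root.
node_readable() {
    rest=${1%?}
    other=${1#"$rest"}              # last octal digit
    group=${rest#"${rest%?}"}       # second-to-last octal digit
    [ $((other & 4)) -ne 0 ] && return 0
    case " $3 " in
        *" $2 "*) [ $((group & 4)) -ne 0 ] && return 0 ;;
    esac
    return 1
}

# usb_capture_posture "<getcap line>" <mode> <group owner> "<user's groups>"
usb_capture_posture() {
    if has_cap "$1" cap_dac_override; then
        echo "broad: dumpcap skips file permission checks on every path"
    elif node_readable "$2" "$3" "$4"; then
        echo "scoped: usbmon node is readable through its group/mode alone"
    else
        echo "blocked: dumpcap cannot open the usbmon node"
    fi
}

# Constructed samples: the answer's setup, then a narrower one that assumes a
# udev rule such as  SUBSYSTEM=="usbmon", GROUP="wireshark", MODE="0640"
usb_capture_posture '/usr/bin/dumpcap = cap_dac_override,cap_net_admin,cap_net_raw+eip' 600 root 'alice wireshark'
usb_capture_posture '/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip' 640 wireshark 'alice wireshark'
usb_capture_posture '/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip' 600 root 'alice wireshark'

# Live use: usb_capture_posture "$(getcap /usr/bin/dumpcap)" \
#   "$(stat -c %a /dev/usbmon0)" "$(stat -c %G /dev/usbmon0)" "$(id -Gn)"
```

Once the nodes are group-readable, CAP_DAC_OVERRIDE can be dropped again with `sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap`.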