usbmon (wireshark, tshark) for regular user

--------------------------------------------------
Rise to the top 3% as a developer or hire one of them at Toptal: https://topt.al/25cXVn
--------------------------------------------------

Music by Eric Matyas
https://www.soundimage.org
Track title: Hypnotic Puzzle2

--

Chapters
00:00 Usbmon (Wireshark, Tshark) For Regular User
00:54 Answer 1 Score 7
01:25 Accepted Answer Score 5
01:47 Answer 3 Score 0
02:04 Thank you

--

Full question
https://superuser.com/questions/619473/u...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#wireshark

#avk47

ANSWER 1

Score 7

I solved this by creating a group for the users which should be able to use usbmon and then let udev change the ownership of the device. So just create a group, add your user to the group and place a udev rule into "/etc/udev/rules.d":

addgroup usbmon
gpasswd -a $USER usbmon
echo 'SUBSYSTEM=="usbmon", GROUP="usbmon", MODE="640"' > /etc/udev/rules.d/99-usbmon.rules

And last but not least either reboot or make sure that the user actually is in the group and trigger udev or rmmod and modprobe again.

ACCEPTED ANSWER

Score 5

I found the answer here.

To enable wireshark users (those added to the wireshark group) to capture USB data, permissions for usbmon have to be changed:

chmod o=rw /dev/usbmon*

Another answer for almost the same question (with an alternative answer) is here.

ANSWER 3

Score 0

From wireshark.org:

You need to run Wireshark or TShark on an account with sufficient privileges to capture, or need to give the account on which you're running Wireshark or TShark sufficient privileges to capture.