Installation and configuration The first installation of wireshark:$ sudo apt install wireshark through apt installs a number of dependencies, including a package called Wireshark-common, which pops up during dpkg pre-configuration to explain the installation options. The main idea is that DUMPCAP can be installed to allow users to grab packets in the Wireshark user group, which is better than running Wireshark directly with Root, because the latter will allow more program code to run under elevated privileges from the point of view of the entire program. Here we choose Yes to turn this feature on, and some security risks for desktop are not allowed. After the installation is complete, view the user group and discover that the Wireshark user group was created: $ cat/etc/group |grep wiresharkwireshark:x:130: We add ourselves (the currently logged in user) to the Wireshark group: $ sudo Usermod-a-G Wireshark $USER need to log back in to the current user for effective user group changes. Re-login and run Wireshark directly, do not need to add sudo. Installation and usage issues if you open the error that the discovery prompt does not have permission, verify that the currently logged on user is in the Wireshark group or has root privileges. View the currently logged in user group: $ groupsuser adm cdrom sudo dip Plugdev lpadmin sambashare Wireshark What if you chose no when you installed the preconfigured Wireshark-common? Reconfigure this package: $ sudo dpkg-reconfigure wireshark-common What if you don't want to open this feature and don't want to run Wireshark with root privileges? Grab the bag with sudo dumpcap, and then open the bag that you just grabbed in the Wireshark to analyze it. Transferred from: https://www.linuxidc.com/Linux/2017-01/139104.htm
Ubuntu16.04 lts under APT installation Wireshark
