On Aug 4, 2011 7:39 AM, "Tony van der Hoff" <t...@vanderhoff.org> wrote: > > Hi, > > I'm trying to get Wireshark to work in non-root mode in Squeeze. There is a sort of how-to at /usr/share/doc/wireshark-common/README.Debian, but to be honest, I don't understand it.
I don't know about that doc (I'm on my phone). However, you need non-root permissions to your Ethernet dev in order to directly work with it. Personally, I like doing something like 'tcpdump -vvv -i eth > file' as root and tshark or whatever with the file. > > I have no wireshark group, and apart from in that document I can find nothing about dumpcap. dumpcap... hmmm, I might have to look into that. Sounds like it generates full pcap files without needing tcpdump switches.
