On Thu, 14 Aug 2014 12:40:10 +0100 Nigel Taylor wrote:
> This does work
>
> sudo tcpdump -s 1500 -w - | wireshark -k -i -
>
> User needs to be in the _wireshark group, you can remove the suid from
> /usr/local/bin/dumpcap, the suid is only required if doing captures with
> dumpcap.

Aye, I must be blind to have missed the lack of global execute permissions on dumpcap. Having said that, I'm sure Wireshark's error could have mentioned not being able to execute dumpcap.

P.S. I couldn't find the wireshark group mentioned anywhere in a pkg-readme or pkg_info -M.