Sniff usb with non-root user under Ubuntu 18.04
I followed this guide in Linux to make wireshark work with usual user rights, but unfortunately it still requires to run as root to be possible to sniff USB traffic. The user is in wireshark
group.
q@4xybook:~$ groups q
q : q adm tty disk lp uucp dialout cdrom sudo audio dip video plugdev users lpadmin pulse pulse-access sambashare vboxusers input wireshark docker libvirt
Also ACL read permission is also set.
q@4xybook:~$ sudo setfacl -m u:$USER:r /dev/usbmon*
q@4xybook:~/work/scripts$ getfacl /dev/usbmon0
getfacl: Removing leading '/' from absolute path names
# file: dev/usbmon0
# owner: root
# group: root
user::rw-
user:q:r--
group::---
mask::r--
other::---
How to make it possible?
What does
/sbin/getcap /usr/bin/dumpcap
say?/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip