Sniff usb with non-root user under Ubuntu 18.04

asked 2020-04-28 16:40:34 +0000

4xy

I followed this guide on Linux to make Wireshark work with usual user rights, but unfortunately it still has to be run as root to sniff USB traffic. The user is in the wireshark group.

[email protected]:~$ groups q
q : q adm tty disk lp uucp dialout cdrom sudo audio dip video plugdev users lpadmin pulse pulse-access sambashare vboxusers input wireshark docker libvirt

ACL read permission is also set.

[email protected]:~$ sudo setfacl -m u:$USER:r /dev/usbmon*
[email protected]:~/work/scripts$ getfacl /dev/usbmon0
getfacl: Removing leading '/' from absolute path names
# file: dev/usbmon0
# owner: root
# group: root

How can I make this possible?


What does /sbin/getcap /usr/bin/dumpcap say?

Jaap ( 2020-04-29 12:13:06 +0000 )

/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip

4xy ( 2020-05-02 14:24:56 +0000 )

1 Answer

answered 2020-04-28 17:35:35 +0000

Guy Harris

You would have to make the dumpcap program set-UID root; the mechanism for USB sniffing on Linux requires root privileges.


I performed chmod u+s /usb/bin/dumpcap, but I still see no usbmon* entries in Wireshark under usual rights.

4xy ( 2020-05-02 14:26:37 +0000 )
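
An added diagnostic sketch, not part of the original thread or of Wireshark: it re-checks the state the posts above inspect (wireshark group membership, the ACL on /dev/usbmon*, and dumpcap's set-UID bit and capabilities). The function names are hypothetical, the dumpcap path is the one from the getcap comment, and the sample ACL text is the getfacl output as it appears in the question.

```shell
#!/bin/sh
# Added example (not from the thread): checks wireshark group membership,
# the ACL on /dev/usbmon*, and dumpcap's set-UID bit / file capabilities.

# Succeeds if the getfacl output on stdin gives named user $1 effective read
# access: a named-user "r" entry that the mask entry does not strip.
acl_user_can_read() {
    awk -F: -v u="$1" '
        $1 == "user" && $2 == u && $3 ~ /^r/ { ok = 1 }
        $1 == "mask" && $3 !~ /^r/           { masked = 1 }
        END { exit !(ok && !masked) }'
}

# Succeeds if a `stat -c %A` mode string ($1) has the set-UID bit and the
# owner ($2) is root, which is what `chmod u+s` on a root-owned file gives.
is_setuid_root() {
    case "$1" in
        ???s*) [ "$2" = "root" ] ;;
        *)     return 1 ;;
    esac
}

# Live report for user $1 (default: caller) and dumpcap binary $2.
usbmon_report() {
    user=${1:-$(id -un)}; dumpcap=${2:-/usr/bin/dumpcap}
    id -Gn "$user" | tr ' ' '\n' | grep -qx wireshark \
        && echo "group: $user is in wireshark" || echo "group: $user NOT in wireshark"
    for dev in /dev/usbmon*; do
        [ -e "$dev" ] || { echo "acl: no /dev/usbmon* nodes present"; break; }
        if getfacl -p "$dev" 2>/dev/null | acl_user_can_read "$user"; then
            echo "acl: $dev readable by $user"
        else
            echo "acl: $dev has no effective read entry for $user"
        fi
    done
    mode=$(stat -c %A "$dumpcap" 2>/dev/null); owner=$(stat -c %U "$dumpcap" 2>/dev/null)
    if is_setuid_root "$mode" "$owner"; then
        echo "dumpcap: set-UID root"
    else
        echo "dumpcap: not set-UID root; caps: $(/sbin/getcap "$dumpcap" 2>/dev/null)"
    fi
}

# Sample input: the getfacl text as it appears in the question above.
POSTED_ACL='# file: dev/usbmon0
# owner: root
# group: root'
if [ "${1:-}" = "--live" ]; then usbmon_report; fi
```

Run the script with `--live` to print the report for the current user; without it, only the functions are defined, so they can be fed saved getfacl output such as `POSTED_ACL`.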


Last updated: Apr 28 '20