Ask Your Question

Capture file cannot be opened when tshark is executed with `sudo`

asked 2023-12-04 12:31:03 +0000

yoshida gravatar image

updated 2023-12-04 12:35:56 +0000

I am trying to get Wi-Fi sniffer logs and save them to ~/log/ directory using tshark.

However, when I execute tshark as bellow, it cannot open the log file because of the Permission denied.

$ mkdir ~/log
$ sudo chmod 777 ~/log
$ cd ~
$ ls -ld ~
drwxr-x--- 21 user1 user1 4096 Dec  4 19:50 /home/user1
$ sudo tshark -i wlan0 -w ./log/sniffer.pcap
Running as user "root" and group "root". This could be dangerous.
Capturing on 'wlan0_mon'
tshark: The file to which the capture would be saved ("hoge.pcap") could not be opened: Permission denied.


I noticed that default home directory permissions were changed to 750 in Ubuntu 22.04, so I change them to 755 as before. Then this error was resolved.

$ sudo chmod 755 ~
$ ls -ld ~
drwxr-xr-x 21 user1 user1 4096 Dec  4 19:50 /home/user1
$ cd ~
$ sudo tshark -i wlan0 -w ./log/sniffer.pcap
# The capture starts as I exepected and the sniffer log is saved in ~/log/sniffer.pcap


  • Is this behavior as intended ?
  • Why does this behavior occur?


  • OS: Ubuntu 22.04.1
  • kernel: 6.2.0-37-generic
  • tshark: TShark (Wireshark) 4.0.6 (Git v4.0.6 packaged as 4.0.6-1~exp1~ubuntu22.04.0~ppa1).
edit retag flag offensive close merge delete


Why are you running as root? Doesn't the warning Running as user "root" and group "root". This could be dangerous. give you pause for thought?

grahamb gravatar imagegrahamb ( 2023-12-04 14:17:29 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2023-12-04 17:12:53 +0000

Guy Harris gravatar image

$ sudo tshark -i wlan0 -w ./log/sniffer.pcap


OS: Ubuntu

Instead of running as root, try reconfiguring the Wireshark installation to allow non-root packet capturing by running sudo dpkg-reconfigure wireshark-common and answering "yes" if it asks whether you want to allow capturing by non-root users, and then run TShark without sudo.

edit flag offensive delete link more


Thank you for your cooperation.

I can capture and save the logs by executing tshark by non-root user.

But I am little confused why the behavior is affected by these permission of the home directory.

yoshida gravatar imageyoshida ( 2023-12-05 09:10:48 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2023-12-04 12:31:03 +0000

Seen: 488 times

Last updated: Dec 04 '23