Okay, so re-installing Xubuntu this week, I spent a lot of time crawling the interwebs to find a solution to a problem I had solved a long time ago, but lost the instructions, so I wanted to blog it.
In Xubuntu when you install wireshark, and run it as admin (bad idea) it will work, for about 10k packets or 5minutes whichever comes first then blow up and need to be force closed. the solution is to modify the settings to allow you to run packet captures as your current user and not need root access to capture.
there is a post on the wireshark blog about it, but there are some problems with the commands, and they don’t work. But I found my solution over at here.
essentially once you have wireshark installed, you will need to run the following commands, then logout, and back in for it to work.
$ sudo su - root # sudo apt-get install libcap2-bin # groupadd wireshark # usermod -a -G wireshark <your-user-name> # chmod 750 /usr/bin/dumpcap # chgrp wireshark /usr/bin/dumpcap # setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap