Run Wireshark securely as a user

Sometimes normal users need to be allowed to run Wireshark and capture packets from the network. Running Wireshark with sudo is a security hole, because any user who runs it that way can overwrite any file.

A secure one-liner that solves this problem is:

# (sudo dumpcap -w -) | wireshark -k -i -

This assumes that sudo is configured to allow the user to run “dumpcap -w -” as root.

This should be 100% secure (except for the traffic monitoring issue) and will work well in labs, for example.
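
A sudoers entry that matches the assumption above, shown next to the broader rule it should not be confused with. This is an added example, not part of the original post; the group name `labusers` and the path `/usr/bin/dumpcap` are assumptions, so check the real path with `command -v dumpcap`.

```sudoers
# /etc/sudoers.d/dumpcap  (hypothetical file name)
# "labusers" is a hypothetical group; /usr/bin/dumpcap is an assumed path.

# Too broad: with no arguments listed, sudo accepts ANY arguments.
# A member of the group could then run "sudo dumpcap -w /some/root/owned/file"
# and overwrite that file as root, which is the problem the one-liner
# is meant to avoid.
#
#   %labusers ALL=(root) /usr/bin/dumpcap

# Pinned: when arguments are listed in the rule, the arguments given on the
# command line must match them exactly. Only "dumpcap -w -" is permitted,
# so the capture can only go to stdout (the pipe into wireshark), never to
# a path chosen by the user.
%labusers ALL=(root) /usr/bin/dumpcap -w -
```

Edit the file with `visudo -f` so a syntax error is caught before it is saved. With the pinned rule, `sudo dumpcap -w -` is allowed, while any other invocation such as `sudo dumpcap -w /tmp/x` is refused by sudo.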