# How to capture with wireshark from not root



## blind0ne (Dec 6, 2021)

Hi, tying to run wireshark, but have this errors:

root@ihorr:~ # sudo wireshark
12:27:47.009     Main Warn could not connect to display  
12:27:47.009     Main Info Could not load the Qt platform plugin "xcb" in "" even though it was found.
Abort

Is it possible to run wireshark from simple user and not to login from root?


----------



## Alain De Vos (Dec 6, 2021)

```
pkg info -D wireshark
wireshark-3.4.8:
On install:
In order for wireshark be able to capture packets when used by unprivileged
user, /dev/bpf should be in network group and have read-write permissions.
For example:
# chgrp network /dev/bpf*
# chmod g+r /dev/bpf*
# chmod g+w /dev/bpf*
In order for this to persist across reboots, add the following to
/etc/devfs.conf:
own  bpf* root:network
perm bpf* 0660
```


----------



## mer (Dec 6, 2021)

Yes, you don't need sudo.  As my regular user I simply run "wireshark".


----------



## Alain De Vos (Dec 6, 2021)

I've had wireshark problems in the past. I sometimes solved it (in an ugly way) by setting the setuid flag.


----------



## mer (Dec 6, 2021)

If your user is part of the wheel group it should also work fine.


----------



## blind0ne (Dec 7, 2021)

Alain De Vos said:


> ```
> pkg info -D wireshark
> wireshark-3.4.8:
> On install:
> ...


That solution works perfectly, also added my user to group network? Should I do it, or it was not necessary?


----------

