Using wireshark as an unprivileged user to analyze USB traffic

I am trying to read USB traffic with wireshark. For this I activate usbmon

sudo modprobe usbmon

But whenever I try to sniff my USB connection I get a message like this:

You do not have permission to capture on device “usbmon1”.

(Attempt to open /dev/usbmon1 failed with EACCES - root privileges may be required)

Please check to make sure you have sufficient permissions.

On Debian and Debian derivatives such as Ubuntu, if you have installed Wireshark from a package, try running

sudo dpkg-reconfigure wireshark-common

selecting “” in response to the question

Should non-superusers be able to capture packets?

adding yourself to the “wireshark” group by running

sudo usermod -a -G wireshark {your username}

and then logging out and logging back in again.

If you did not install Wireshark from a package, ensure that Dumpcap has the needed CAP_NET_RAW and CAP_NET_ADMIN capabilities by running

sudo setcap cap_net_raw,cap_net_admin=ep {path/to/}dumpcap

and then restarting Wireshark.

I am already in the wireshark group and installed wireshark as a module (programs.wireshark.eneable = true;). However this seems to not help very much with USB but only with network traffic.

Is there any advice how to adjust my settings to get this working?

Thanks in advance

I found out temporarily it can be done with

sudo chgrp wireshark /dev/usbmon*
sudo chmod g+r /dev/usbmon*

Just for the record if anybody else needs a solution to this, too. To solve this permanently add

  services.udev = {
    extraRules = ''
      SUBSYSTEM=="usbmon", GROUP="wireshark", MODE="0640"

to your configuration.nix

1 Like