# why only root can sinffer usb traffic via wireshark?

## houqp

Hi all,

I recently want to use wireshark to sniffer the usb traffic. After compile the usbmon as module and debugfs into kernel, I managed to see the usb devices listed in the devices list in wireshark. 

But that happen only when I run wireshark as root, I cannot see usb devices when I run wireshark with my own account. 

I cannot figure out which group do I missed to add my account into.

Following is the output from groups:

```
wheel floppy audio cdrom video games usb vboxusers plugdev portage wireshark kvm pulse pulse-access dave
```

Thanks,

Hou Qingping

----------

## cach0rr0

Confucius say: man who no watch build message miss ewarn

```

NOTE: To run wireshark as normal user you have to add yourself to

the wireshark group. This security measure ensures that only trusted

users are allowed to sniff your traffic.

```

The ebuild should have created a new group called, literally 'wireshark' - add yourself to that, logout, log back in, should be good to go.

----------

## houqp

 *Quote:*   

> Confucius say: man who no watch build message miss ewarn 

 

LOL..

But I have already done this.  :Wink: 

See the output from groups in my first post.

So I can see net interfaces but not usb devices.

----------

## cach0rr0

I am completely blind. I totally did not see it in your groups output when I first looked. 

whoops! Sorry about that. 

I've just always sudo'd it (or well, 'kdesu wireshark') and ignored the warnings about root. I have no ideas here unfortunately.

----------

## rsala

I've got the same problem. Here's the output from `groups`

```

disk wheel floppy uucp audio cdrom video games cdrw usb users plugdev portage wireshark roger
```

What am I missing?

----------

