usbmon (wireshark, tshark) for regular user

I have libpcap set up with the newest cvs version. Regular users can run Wireshark and tshark. Specifically, they have been added to the wireshark group and can capture from

1. eth0
2. br0
3. nflog (Linux netfilter log (NFLOG) interface)
4. nfqueue (Linux netfilter queue (NFQUEUE) interface)
5. any (Pseudo-device that captures on all interfaces)
6. lo

Unfortunately, they don't see the usbmon devices that root does:

1. eth0
2. br0
3. nflog (Linux netfilter log (NFLOG) interface)
4. nfqueue (Linux netfilter queue (NFQUEUE) interface)
5. usbmon1 (USB bus number 1)
6. usbmon2 (USB bus number 2)
7. usbmon3 (USB bus number 3)
8. usbmon4 (USB bus number 4)
9. usbmon5 (USB bus number 5)
10. usbmon6 (USB bus number 6)
11. usbmon7 (USB bus number 7)
12. any (Pseudo-device that captures on all interfaces)
13. lo

As root, tshark -D lists all the usbmon devices. However, the regular user cannot see the usbmon devices with either wireshark or tshark.

How can I make the usbmon devices availaible to wireshark group users?


Solution 1:

I solved this by creating a group for the users which should be able to use usbmon and then let udev change the ownership of the device. So just create a group, add your user to the group and place a udev rule into "/etc/udev/rules.d":

addgroup usbmon
gpasswd -a $USER usbmon
echo 'SUBSYSTEM=="usbmon", GROUP="usbmon", MODE="640"' > /etc/udev/rules.d/99-usbmon.rules

And last but not least either reboot or make sure that the user actually is in the group and trigger udev or rmmod and modprobe again.

Solution 2:

I found the answer here.

To enable wireshark users (those added to the wireshark group) to capture USB data, permissions for usbmon have to be changed:

chmod o=rw /dev/usbmon*

Another answer for almost the same question (with an alternative answer) is here.