Wireshark-dev: Re: [Wireshark-dev] Not seeing FOO Dissector in wireshark after successful build
From: Guy Harris <[email protected]>
Date: Mon, 22 Apr 2019 12:12:18 -0700
On Apr 20, 2019, at 11:31 PM, Abhisek Techie <[email protected]> wrote:

> 5. Ran wireshark with sudo command

To quote the old doc/README.packaging file:

> In versions up to and including 0.99.6, it was necessary to run
> Wireshark with elevated privileges in order to be able to capture
> traffic. With version 0.99.7, all function calls that require elevated
> privileges have been moved out of the GUI to dumpcap.
> 
> WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN
> THEM AS ROOT.

Make dumpcap set-ID root, or whatever is necessary on your OS, and run Wireshark as yourself, *not* as root.
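
As an added example (not part of the original message and not Wireshark's own packaging code), this POSIX shell check verifies the arrangement described above on a Linux system: the GUI is not started as root, and dumpcap is the only component carrying capture privileges. The `/usr/bin/dumpcap` path and the `wireshark` group in the comments are assumptions; adjust them for your OS.

```shell
#!/bin/sh
# Added example, not from the thread. /usr/bin/dumpcap and the "wireshark"
# group are assumed names. One-time admin setup on Linux, either variant:
#   groupadd -f wireshark && chgrp wireshark /usr/bin/dumpcap
#   chmod 4750 /usr/bin/dumpcap                                # set-ID root
#   chmod 0750 /usr/bin/dumpcap &&
#     setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap    # file capabilities

# Print how FILE obtains capture privileges:
#   setuid-root | setuid-other | file-caps | none | missing
dumpcap_priv_mode() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    if [ -u "$f" ]; then
        # Numeric owner, so the result does not depend on /etc/passwd
        owner=$(ls -ln "$f" | awk '{print $3}')
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
        return 0
    fi
    if command -v getcap >/dev/null 2>&1 &&
       getcap "$f" 2>/dev/null | grep -q cap_net_raw; then
        echo file-caps
        return 0
    fi
    echo none
}

# Succeed only if FILE is not executable by "other", so that only the
# owner and the capture group can start the privileged helper.
dumpcap_group_restricted() {
    perms=$(ls -ln "$1" | awk '{print $1}')
    # perms looks like -rwsr-x---; character 10 is the other-execute bit
    case $(printf '%s' "$perms" | cut -c10) in
        -|T) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage: capture_setup_ok UID DUMPCAP_PATH
# Refuses uid 0 for the GUI and requires a privileged dumpcap helper.
capture_setup_ok() {
    [ "$1" != 0 ] || { echo "refusing: GUI would run as root" >&2; return 1; }
    case $(dumpcap_priv_mode "$2") in
        setuid-root|file-caps) return 0 ;;
        *) echo "dumpcap at $2 has no capture privileges" >&2; return 1 ;;
    esac
}
```

A launcher wrapper could call `capture_setup_ok "$(id -u)" /usr/bin/dumpcap` before starting Wireshark and exit if it fails.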