Launching Wireshark without sudo and setting up a ring buffer for capturing LAN traffic

29 February 2024 13:47

Wireshark is a cross-platform tool for capturing and analyzing Internet and LAN traffic on a local network. It is included with all Linux distributions and can be installed from the package repository. One drawback is that, by default, the network card is only visible when Wireshark is run with sudo privilege elevation. Another drawback is that the temporary capture file Wireshark writes in the /tmp folder grows quickly and fills the disk.

1. Running Wireshark under a user account (without sudo)

1) Installing the Wireshark package

from the distribution's repository:

sudo apt-get install wireshark

or from the PPA repository:

sudo apt-get update
sudo add-apt-repository ppa:dreibh/ppa
sudo apt-get update
sudo apt-get install wireshark

2) Allowing non-root users to capture - creating the "wireshark" user group

sudo dpkg-reconfigure wireshark-common

Answer "Yes" when asked whether non-superusers should be able to capture packets.

3) Adding the current user's login to the "wireshark" group

sudo adduser $USER wireshark

or

sudo usermod -a -G wireshark $USER

4) Allowing packet capture under any user

sudo chmod +x /usr/bin/dumpcap

5) After this, launch Wireshark as the current user:

wireshark
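The steps above only work if the session actually carries the new group membership (a group added with adduser or usermod is picked up at the next login, not in the shell that ran the command) and if dumpcap ends up owned by root:wireshark, executable by the group only and carrying the cap_net_raw/cap_net_admin capabilities that dpkg-reconfigure assigns. The following checker is an added example, not code from the original post; it assumes GNU stat and the getcap tool from libcap, and the path /usr/bin/dumpcap as used in the post. Each check is a small function that takes its input as a string, so the logic can be exercised on constructed values as well as on the live system.

```shell
#!/bin/sh
# check_dumpcap_setup.sh - added example, not from the original post.
# Verifies the outcome of section 1: the session is in group "wireshark",
# /usr/bin/dumpcap is root:wireshark, executable by the group only, and carries
# cap_net_raw/cap_net_admin. Each check is a function over a string so it can
# be tested on constructed input; check_live feeds it real system values.

# user_in_group "GROUP LIST" GROUP -> 0 if GROUP is in the space-separated list
# (the list is what `id -nG` prints for the current session)
user_in_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# owner_ok "USER:GROUP" -> 0 if the binary is owned by root and group wireshark
owner_ok() {
    [ "$1" = "root:wireshark" ]
}

# mode_ok OCTAL_MODE -> 0 if the group has execute and others have no access,
# e.g. 750 or 2750 (setgid). A world-executable dumpcap is reported as a failure.
mode_ok() {
    perm=$(printf '%s' "$1" | tail -c 3)        # drop a leading setuid/setgid digit
    group_digit=$(printf '%s' "$perm" | cut -c2)
    other_digit=$(printf '%s' "$perm" | cut -c3)
    case "$group_digit" in 1|3|5|7) ;; *) return 1 ;; esac
    [ "$other_digit" = "0" ]
}

# caps_ok "GETCAP OUTPUT" -> 0 if both capabilities are present and effective
# (getcap prints e.g. "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip")
caps_ok() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *eip*) ;; *) return 1 ;; esac
    return 0
}

# check_live [PATH] - run all checks against the real system; prints one line
# per check and returns the number of failed checks
check_live() {
    bin=${1:-/usr/bin/dumpcap}
    fails=0
    if user_in_group "$(id -nG)" wireshark; then
        echo "ok   session is in group wireshark"
    else
        echo "FAIL not in group wireshark (log out and back in after adduser)"
        fails=$((fails + 1))
    fi
    if [ -e "$bin" ]; then
        owner=$(stat -c '%U:%G' "$bin")
        mode=$(stat -c '%a' "$bin")
        if owner_ok "$owner"; then echo "ok   $bin owned by $owner"
        else echo "FAIL $bin owned by $owner, expected root:wireshark"; fails=$((fails + 1)); fi
        if mode_ok "$mode"; then echo "ok   mode $mode"
        else echo "FAIL mode $mode (expected group-only execute, e.g. 750)"; fails=$((fails + 1)); fi
        if command -v getcap >/dev/null 2>&1; then
            if caps_ok "$(getcap "$bin" 2>/dev/null)"; then echo "ok   capabilities set"
            else echo "FAIL missing cap_net_raw/cap_net_admin on $bin"; fails=$((fails + 1)); fi
        fi
    else
        echo "FAIL $bin not found"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run the live checks only when explicitly asked, so the functions above can
# also be sourced and exercised on constructed input.
if [ "${1:-}" = "--live" ]; then
    check_live "${2:-}"
fi
```

Run it as `sh check_dumpcap_setup.sh --live` after step 4; a non-zero exit status means at least one check failed, and the "not in group wireshark" line is the usual cause when the steps were followed but Wireshark still shows no interfaces.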

2. Setting up a ring buffer in Wireshark

1) Create a folder for the capture and, inside it, an empty file whose name will become the template for the buffer files:

cd ~
mkdir wireshark-capture
cd wireshark-capture
touch record

2) In Wireshark go to the menu "Capture" - "Output" and make the following settings:

  • "Capture to permanent file:" - "Open" - select the file created in step 1, for example /home/username/wireshark-capture/record. Do you want to replace it? Yes.
  • enable the checkbox at the top, "Automatically create a new file"
  • after 80000 packets (corresponds to a capture file of about 74-77 MB in size)
  • after 50 megabytes (files of equal size, 47.7 MiB)
  • below, "Use a ring buffer with" 3 files (any number of files from 3 to 5)
  • OK

Turn off the capture using the red "Stop" button or the Ctrl+E keys.

To start a new capture with the ring buffer, repeat the steps under
"Capture" - "Output", etc. Answer "No" to the question about saving the previous data.
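The same ring buffer can be started from the command line, which is useful when the capture has to run unattended: the "Capture" - "Output" dialog simply passes these settings to dumpcap's -b options. The script below is an added example, not code from the original post; it assumes the interface name eth0 (a placeholder) and the ~/wireshark-capture/record template from step 1. It also shows the disk-usage bound that the ring gives you and how to recognise, from the file names dumpcap produces, which file is the oldest and will be dropped next. One caveat: dumpcap's filesize: value is in kB, and which multiple of bytes a kB means has varied between versions, so confirm the unit against the man page of the installed dumpcap.

```shell
#!/bin/sh
# ring_capture.sh - added example, not from the original post.
# Command-line equivalent of the section 2 "Capture -> Output" settings:
# switch files after 50 MB (-b filesize:, in kB) and keep 3 files (-b files:).
# dumpcap names the files BASENAME_NNNNN_YYYYMMDDhhmmss.pcapng, where NNNNN is
# a sequence number; when the ring is full the lowest number is deleted.

# ring_cmd IFACE DIR BASENAME SIZE_KB FILES -> prints the dumpcap command line
ring_cmd() {
    printf 'dumpcap -i %s -b filesize:%s -b files:%s -w %s/%s.pcapng\n' \
        "$1" "$4" "$5" "$2" "$3"
}

# ring_disk_bound_kb SIZE_KB FILES -> the most disk the ring can occupy, in kB
# (the reason the /tmp problem from the introduction goes away)
ring_disk_bound_kb() {
    echo $(( $1 * $2 ))
}

# ring_seq FILENAME -> the sequence number dumpcap embedded in the name,
# empty if the name is not a ring-buffer file
ring_seq() {
    printf '%s\n' "$1" | sed -n 's/.*_\([0-9]\{5\}\)_[0-9]\{14\}.*/\1/p'
}

# ring_oldest "FILE FILE ..." -> the file with the lowest sequence number,
# i.e. the one dumpcap deletes next when the ring is full
ring_oldest() {
    oldest=""
    oldest_seq=""
    for f in $1; do
        s=$(ring_seq "$f")
        [ -n "$s" ] || continue
        s=$(printf '%s' "$s" | sed 's/^0*//')   # strip leading zeros for -lt
        s=${s:-0}
        if [ -z "$oldest_seq" ] || [ "$s" -lt "$oldest_seq" ]; then
            oldest=$f
            oldest_seq=$s
        fi
    done
    printf '%s\n' "$oldest"
}

# Start the capture only when asked, so the functions can be sourced and
# exercised without dumpcap installed. Usage: sh ring_capture.sh --start [IFACE]
if [ "${1:-}" = "--start" ]; then
    DIR="$HOME/wireshark-capture"          # folder created in step 1
    IFACE=${2:-eth0}                       # placeholder interface name
    mkdir -p "$DIR"
    echo "ring will occupy at most $(ring_disk_bound_kb 50000 3) kB in $DIR"
    echo "current files, oldest first to go: $(ring_oldest "$(ls "$DIR")")"
    sh -c "$(ring_cmd "$IFACE" "$DIR" record 50000 3)"
fi
```

Stop the capture with Ctrl+C; dumpcap keeps the last three files in the folder, exactly as the GUI ring buffer does, and the next run continues the sequence numbers rather than overwriting.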


Sources:
Creating a rolling or ring buffer packet capture in Wireshark for Windows
Setting up Wireshark for a non-root user