This adds a wireshark group. Anybody in that group will be able to sniff without being root. This is obviously more secure than just letting anybody sniff but does mean there's no password checking. Technically any person with access to a computer logged in with a wireshark account will be able to sniff. If that's acceptable to you, carry on.
Another option which has not been suggested here is to run the app you want to monitor in the Android emulator from the Android SDK. You can then easily capture the traffic with wireshark on the same machine.
This app was a lifesaver. I was debugging a problem with failure of the SSL/TLS handshake on my Android app. I tried to set up ad hoc networking so I could use Wireshark on my laptop. It did not work for me. This app quickly allowed me to capture network traffic and share it on my Google Drive so I could download it on my laptop, where I could examine it with Wireshark! Awesome, and no root required!
I had a similar problem that inspired me to develop an app that could help to capture traffic from an Android device. The app features an SSH server that allows you to have traffic in Wireshark on the fly (sshdump Wireshark component). As the app uses an OS feature called VPNService to capture traffic, it does not require root access.
I wanted to share a wireshark of my file, because it may help with some problems I'm having, but I need to know if it is safe, or if it could reveal sensitive data about me. The only IPs I see are my internal ones, not external.
I think it largely depends on what else you were doing at the time you created the capture. For example, if you were browsing the web, then obviously people would be able to see what websites you were visiting and the content of any unencrypted pages. If you were logging in to something that does not use encryption (for example, telnet, FTP, or a non-HTTPS website) then your login information could be in the Wireshark capture. Granted, this is fairly unlikely as encryption is used for nearly all logins these days.
Other than that, the wireshark capture will contain broadcast packets from other devices on the network, in addition to MAC addresses. These are fairly unlikely to contain any sensitive information; some people may consider MAC addresses to be sensitive, since they are unique to each device, but unlike public IP addresses they cannot be easily linked to a location or specific person. All it really reveals is the manufacturer of the computer/network card.
It depends on what information you captured with Wireshark, and who you are sharing it with. If this is at work, and someone from your technical department is asking for it, and you are sure it is a person from your tech department (and not an imposter), you are probably safe to share it with this person, and only this person. I definitely would not post the wireshark file into a forum such as this one, or put it anywhere where other "random" people can access it.
The trick is to launch an ssh session without a login shell and run tcpdump through it on the remote system, making tcpdump write raw packets to STDOUT while piping them to our local Wireshark, which reads from STDIN.
Tcpdump buffers its output when writing to a file (STDOUT in our case), which unfortunately means it might take some time until we can see the traffic in Wireshark. Tcpdump offers options to influence the buffering; however, this is not implemented in our version of Libpcap (tested on 11.4HF1).
This is especially annoying if we want to capture low-volume traffic. What we can do is capture ICMP echo requests and replies in addition to the traffic we are interested in, and remove them again with a Wireshark display filter. Then we start a ping to push the interesting packets to Wireshark faster.
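The procedure above as a small POSIX shell wrapper. This is an added example, not code from the original post. The function names, the four arguments (SSH target, interface, capture filter, ping target) and the input checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: remote tcpdump over ssh into a local Wireshark, with ICMP
# echo traffic captured as well so a ping can flush tcpdump's output buffer.
# All names and arguments here are hypothetical, not from the original post.

# Extend the filter of interest so ICMP echo requests/replies are captured too.
build_capture_filter() {
    printf '(%s) or icmp[icmptype] == icmp-echo or icmp[icmptype] == icmp-echoreply' "$1"
}

# The filter is single-quoted for the remote shell, so it must be non-empty
# and must not contain a single quote.
is_safe_filter() {
    case "$1" in ''|*\'*) return 1 ;; esac
}

# Interface names are passed unquoted: allow only a conservative character set.
is_safe_iface() {
    case "$1" in ''|*[!A-Za-z0-9._:-]*) return 1 ;; esac
}

# Print the command line that will run on the remote system.
# -s0 keeps full packets, -w - writes raw pcap data to STDOUT.
build_remote_cmd() {
    is_safe_iface "$1" || return 1
    is_safe_filter "$2" || return 1
    printf "tcpdump -s0 -w - -i %s '%s'" "$1" "$(build_capture_filter "$2")"
}

# live_capture SSH_TARGET IFACE FILTER PING_TARGET
live_capture() {
    remote_cmd=$(build_remote_cmd "$2" "$3") || {
        echo "refusing unsafe interface or filter" >&2
        return 1
    }
    # Background ping generates the ICMP packets that push buffered data out;
    # PING_TARGET must be an address whose traffic crosses IFACE.
    ping "$4" >/dev/null 2>&1 &
    ping_pid=$!
    # Wireshark reads the pcap stream from STDIN (-i -), starts at once (-k),
    # and the display filter hides the helper ICMP packets again.
    ssh "$1" "$remote_cmd" |
        wireshark -k -i - -Y '!(icmp.type == 8 || icmp.type == 0)'
    kill "$ping_pid" 2>/dev/null
}

# Only start a capture when all four arguments are supplied.
[ "$#" -lt 4 ] || live_capture "$@"
```
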