Sometimes there is the need to allow normal users to run wireshark and capture packets from the network. Running wireshark with sudo is a security hole since anyone can overwrite any file.
A secure one-liner that solves this problem is:
# (sudo dumpcap -w -) | wireshark -k -i -
Assuming that sudo is configured to allow the user to run “dumpcap -w -” as root.
This should be 100% secure (except from the traffic monitoring issue) and will work well in (for example) labs.
V13 