Capturing traffic in Linux is a privileged operation, meaning you need root (administrator) privileges, for example via sudo, to perform a capture. It is good security practice to run as few applications as possible with root privileges. Therefore it is a good idea to capture packets as root in one step, and then analyse the packets as a normal user in a second step. Although Wireshark can be set up to capture packets as root, we will use tcpdump instead.
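The two-step workflow described above, as an added shell example (not from the original page). The interface name `eth0`, the packet count, the file path and the function names are assumed, hypothetical values.

```shell
#!/bin/sh
# Added example: capture as root in one step, analyse unprivileged in a second.
# Interface name, packet count and file path are assumed sample values.

# Step 1: the only command that runs with root privileges.
# -Z makes tcpdump drop to the invoking user before it creates the savefile,
# so the capture file ends up owned by that user rather than by root.
capture_as_root() {
    iface=$1; count=$2; out=$3
    sudo tcpdump -i "$iface" -c "$count" -Z "$(id -un)" -w "$out" &&
        chmod 600 "$out"    # captures can hold credentials; keep them private
}

# Check between the steps: the file must be ours and closed to group/other.
capture_is_private() {
    [ -f "$1" ] && [ -O "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)    # group and other permission bits
    [ "$perms" = "------" ]
}

# Step 2: read the saved packets without root. Refuses to run as root.
analyse_as_user() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to analyse as root" >&2
        return 2
    fi
    capture_is_private "$1" || { echo "fix ownership/mode of $1" >&2; return 1; }
    tcpdump -nn -r "$1"    # -r reads a savefile, which needs no privileges
}

# Usage (not run automatically):
#   capture_as_root eth0 100 "$HOME/capture.pcap"
#   analyse_as_user "$HOME/capture.pcap"
```

The output path passed to `capture_as_root` must be in a directory the invoking user can write to, because tcpdump has already dropped root when it creates the file.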