Written by gagern the 6 Oct 08 at 18:47.
Related project: Wireshark.
Short Abstract: Installing the small dumpcap binary from wireshark-common suid root allows users to run wireshark itself, with all its complexety, as unprivileged users, thus possibly enhancing security.
I know Gentoo does install the dumpcap binary from wireshark suid root, and restricts access to a specific group. The rationale is that wireshark as a whole is rather complicated and thus likely to have security issues. Several such issues have been found in the past. dumpcap however is rather small, and can even drop most of its privileges pretty early. So running wireshark as a normal user and granting dumpcap access including suid root to trusted users seems sensible to me.
Wouldn't it be better to adopt this setup for Ubuntu as well, and remove those "run wireshark as root" items in the applications menu? You could use the admin group for people whom you'd wish to grant capture privileges, or you could introduce a new group.
I've tested the setup here on my system; a simple chgrp and chmod for dumpcap is enough. So it shouldn't be hard.
Nope, not all users, only the ones in the group you grant access to. If that group were "admin", then only users who can do anything in any case, with default Ubuntu sudo configuration.
I see a problem only if you let another person use your computer while logged in as an admin user, as in contrast to sudo running wireshark wouldn't require you to enter a password. But that's what guest accounts in Intrepid are for, right?
Copying contents here:
Capturing packets with Wireshark/Tshark
There are two ways of installing Wireshark/Tshark on Debian:
I. Installing dumpcap with SETUID bit set
Members of group wireshark will be able to capture packets on network
interfaces. This is the preferred way of installation if Wireshark/Tshark
will be used for capturing and displaying packets at the same time, since
that way only the dumpcap process has to be run with root privileges
thanks to the privilege separation.
Note that no user will be added to group wireshark automatically, the system
administrator has to add them manually.
II. Installing dumpcap without SETUID bit set
Only root user will be able to capture packets. It is advised to capture
packets with the bundled dumpcap program as root and then run Wireshark/Tshark
as an ordinary user to analyze the captured logs. 
The installation method can be changed anytime by running: