Comment 3 for bug 483106

Balint Reczey (rbalint) wrote :

Copying README.Debian [0] here:
Capturing packets with Wireshark/Tshark

There are two ways of installing Wireshark/Tshark on Debian:

I. Installing dumpcap with SETUID bit set

Members of group wireshark will be able to capture packets on network
interfaces. This is the preferred way of installation if Wireshark/Tshark
will be used for capturing and displaying packets at the same time, since
that way only the dumpcap process has to be run with root privileges
thanks to the privilege separation[1].

Note that no user will be added to group wireshark automatically; the system
administrator has to add them manually.

II. Installing dumpcap without SETUID bit set

Only the root user will be able to capture packets. It is advised to capture
packets with the bundled dumpcap program as root and then run Wireshark/Tshark
as an ordinary user to analyze the captured logs. [2]

The installation method can be changed anytime by running:
dpkg-reconfigure wireshark-common

[1] http://wiki.wireshark.org/Development/PrivilegeSeparation
[2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

[0] http://svn.debian.org/wsvn/collab-maint/ext-maint/wireshark/trunk/debian/README.Debian
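
An added example, not part of the comment above or of the Debian package: a shell check that reports which of the two installation methods a dumpcap binary is currently in and flags permissions wider than the README describes. The default path /usr/bin/dumpcap is an assumption; the group name wireshark is taken from the README text.

```shell
#!/bin/sh
# Added example: classify a dumpcap binary as README.Debian method I or II.
# Assumption: binary lives at /usr/bin/dumpcap unless a path is given.

# Prints "setuid" (method I) or "root-only" (method II), then any warnings.
dumpcap_mode() {
    [ -f "$1" ] || { echo "missing"; return 1; }
    mode=$(stat -c '%a' "$1")          # GNU stat, octal mode e.g. 4754
    if [ $(( 0$mode & 04000 )) -ne 0 ]; then
        echo "setuid"
        # With setuid set, world-execute lets every local user capture,
        # not only members of the capture group.
        if [ $(( 0$mode & 0001 )) -ne 0 ]; then
            echo "warn: executable by others"
        fi
        # A writable setuid binary can be replaced by a non-root user.
        if [ $(( 0$mode & 0022 )) -ne 0 ]; then
            echo "warn: writable by group or others"
        fi
    else
        echo "root-only"
    fi
    return 0
}

# Lists the accounts an administrator has added to the capture group.
capture_group_members() {
    getent group "$1" | cut -d: -f4
}

# Run the audit only when asked, e.g.: sh check.sh --check [path]
if [ "${1:-}" = "--check" ]; then
    bin=${2:-/usr/bin/dumpcap}
    dumpcap_mode "$bin"
    stat -c 'owner=%U group=%G' "$bin"
    echo "members of wireshark: $(capture_group_members wireshark)"
fi
```

Review the group member list after running `dpkg-reconfigure wireshark-common`, since every listed account can run the privileged capture process.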