Comment 9 for bug 809813

In , Gerald Combs (gerald.combs) wrote :

Wireshark doesn't open raw sockets directly. It relies on libpcap for that. If you're running Wireshark without capture privileges (which is the case according to the Launchpad bug), then this is most likely a byproduct of pcap_activate_linux() in libpcap, which first tries to open a socket using PF_PACKET and, if that fails, tries with PF_INET.

What happens if you run

  tcpdump -D ; dmesg | tail

on your system as a user without CAP_NET_ADMIN or CAP_NET_RAW capabilities (i.e. a normal user)? On a natty system here I get

  [600414.835927] tcpdump uses obsolete (PF_INET,SOCK_PACKET)
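
The two-step socket attempt described in the comment above, as an added example that is not part of the original comment and is not libpcap's code. It tries PF_PACKET first and (PF_INET, SOCK_PACKET) only if that fails, then reports which case applies; the names probe, classify and try_capture_sockets are hypothetical, and SOCK_RAW with ETH_P_ALL is an assumed choice of socket type and protocol.

```c
/* Added illustration for Linux; not libpcap source. Helper names are hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum outcome { CAPTURE_OK, FELL_BACK_OK, DENIED, UNSUPPORTED };

/* Open and immediately close one socket; return 0 or the errno from socket(). */
static int probe(int domain, int type)
{
    int fd = socket(domain, type, htons(ETH_P_ALL));
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Interpret the pair of results: PF_PACKET first, fallback second. */
static enum outcome classify(int packet_err, int fallback_err)
{
    if (packet_err == 0)
        return CAPTURE_OK;
    if (fallback_err == 0)
        return FELL_BACK_OK;
    if (packet_err == EPERM || packet_err == EACCES)
        return DENIED;          /* caller lacks capture privileges */
    return UNSUPPORTED;         /* e.g. EAFNOSUPPORT or EINVAL */
}

/* The fallback is attempted only when the PF_PACKET attempt failed. */
static enum outcome try_capture_sockets(int *packet_err, int *fallback_err)
{
    *packet_err = probe(PF_PACKET, SOCK_RAW);
    *fallback_err = *packet_err ? probe(PF_INET, SOCK_PACKET) : 0;
    return classify(*packet_err, *fallback_err);
}

int main(void)
{
    static const char *label[] = { "PF_PACKET ok", "fallback ok", "denied", "unsupported" };
    int e1, e2;   /* errno values; 0 means success (or, for e2, not tried) */
    enum outcome o = try_capture_sockets(&e1, &e2);
    printf("PF_PACKET errno=%d, PF_INET/SOCK_PACKET errno=%d, result: %s\n", e1, e2, label[o]);
    return 0;
}
```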