Under Linux:
You must be root or the application capturing packets must be
installed setuid to root (unless your distribution has a kernel
that supports capability bits such as CAP_NET_RAW and code to
allow those capability bits to be given to particular accounts
and to cause those bits to be set on a user's initial processes
when they log in, in which case you must have CAP_NET_RAW in
order to capture and CAP_NET_ADMIN to enumerate network devices
with, for example, the -D flag).
I personally wouldn't make tcpdump setuid root, but start looking for another, better-controlled way to achieve the goal.
Is setcap available in a package. I've seen an lede post by someone using in on Google it couldn't find it. Thought it might have been I. Libcap but it wasn't?