Wireshark threw an error at me that it couldn't read my network device. It took me some time to figure out I needed to set CONFIG_PACKET in my kernel .config. As Portage can check for needed kernel modules, I think it would be good to do so with Wireshark.
So basically, Wireshark works fine without capturing as long as you feed it pcap dump files and don't try to capture directly. If we were to warn when CONFIG_PACKET is not enabled then you'd still have the same problem when the af_packet module isn't loaded. So then we should include warnings at compile time that 1) alert when CONFIG_PACKET is disabled, and 2) alert when af_packet is compiled as a module that may or may not be loaded. That would still not help the user if the admin failed to do either. If you want Wireshark to respond more intelligently when you ask it to capture and it can't because of CONFIG_PACKET=(m|n), then you should ask upstream to check for that.
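The two conditions named in the reply above (CONFIG_PACKET disabled, or af_packet built as a module that is not loaded), as an added shell example that is not code from this thread, Portage, or Wireshark. The function names and result strings are made up for illustration, and the inputs are assumed to be a kernel .config and a /proc/modules-style listing passed as file paths.

```shell
#!/bin/sh
# Added example: classify AF_PACKET capture support from a kernel .config
# and a /proc/modules-style listing. Names and result strings are hypothetical.

# Print y, m or n for CONFIG_PACKET in the given kernel config file.
packet_config_state() {
    cfg=$1
    if grep -q '^CONFIG_PACKET=y$' "$cfg"; then
        echo y
    elif grep -q '^CONFIG_PACKET=m$' "$cfg"; then
        echo m
    else
        # "# CONFIG_PACKET is not set", or the symbol is absent entirely
        echo n
    fi
}

# Return 0 if af_packet is listed as a loaded module in the given listing.
af_packet_loaded() {
    grep -q '^af_packet ' "$1"
}

# Print one of: ok, warn-not-loaded, warn-disabled
capture_support() {
    cfg=$1
    modules=$2
    case $(packet_config_state "$cfg") in
        y) echo ok ;;
        m) if af_packet_loaded "$modules"; then
               echo ok
           else
               echo warn-not-loaded
           fi ;;
        n) echo warn-disabled ;;
    esac
}

# Demo on constructed samples (not real system files).
demo_dir=$(mktemp -d)
printf 'CONFIG_NET=y\nCONFIG_PACKET=m\n' > "$demo_dir/config"
: > "$demo_dir/modules"    # empty listing: af_packet not loaded
echo "CONFIG_PACKET=m, module absent: $(capture_support "$demo_dir/config" "$demo_dir/modules")"
rm -rf "$demo_dir"
```

The result only describes the kernel whose .config is examined, so a build-time check can still disagree with the kernel that is running when a capture is attempted.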