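Install Wireshark on Ubuntu 12.04 LTS and restrict packet capture to a single group, the wireshark group. You should be able to use these instructions to install Wireshark on other distributions as well.
I have only tested this on Ubuntu, so if it does not work for you, let me know and I will revise these instructions.
First, we install Wireshark from the terminal.
Install wireshark:
sudo apt-get install wireshark
If you run Wireshark as a non-root user, you will get the message “No interface can be used for capturing in this system with the current configuration.” (see the image above). The following steps fix this:
Create the wireshark group: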
|
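Add your user name to the wireshark group:
sudo usermod -a -G wireshark YOUR_USER_NAME
Change the group ownership of the dumpcap file to wireshark:
sudo chgrp wireshark /usr/bin/dumpcap
Change the file's permissions so that the owning group can execute it (mode 750: full access for the owner, read and execute for the group, nothing for everyone else):
sudo chmod 750 /usr/bin/dumpcap
Grant the capabilities with setcap:
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
Verify that the change was applied: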
|
At this point, you need to log out.
You should now be able to run Wireshark as a non-root user; as long as the user is in the wireshark group, basically everything should work.
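The following check is an added example, not part of the original article: it audits whether dumpcap ended up in the state the steps above aim for (group wireshark, mode 750, both capabilities with the e, i and p flags). The function names are hypothetical, and it assumes GNU `stat` and libcap's `getcap`; both `getcap` output layouts (`path = caps+eip` and `path caps=eip`) are accepted.

```shell
#!/bin/sh
# Added example: audit dumpcap against the setup described above.
# Function names are hypothetical; stat(1) and getcap(8) are assumed to be installed.

# check_dumpcap_state GROUP MODE GETCAP_LINE
# Prints one line per deviation; returns 0 only if everything matches.
check_dumpcap_state() {
    group=$1 mode=$2 caps=$3 rc=0
    [ "$group" = "wireshark" ] || { echo "group is '$group', expected 'wireshark'"; rc=1; }
    [ "$mode" = "750" ] || { echo "mode is '$mode', expected 750"; rc=1; }
    # Older libcap prints "path = caps+eip", newer prints "path caps=eip".
    # Keep the last word (a single capability clause is assumed), then split
    # the capability names from the flag letters.
    spec=${caps##* }
    case "$spec" in
        *[+=]*) flags=${spec##*[+=]}; names=${spec%[+=]*} ;;
        *)      flags= names= ;;
    esac
    for want in cap_net_raw cap_net_admin; do
        case ",$names," in
            *",$want,"*) ;;
            *) echo "missing capability $want"; rc=1 ;;
        esac
    done
    for f in e i p; do
        case "$flags" in
            *"$f"*) ;;
            *) echo "capability flag '$f' not set"; rc=1 ;;
        esac
    done
    return $rc
}

# audit_dumpcap [PATH]: read the live values and check them.
audit_dumpcap() {
    path=${1:-/usr/bin/dumpcap}
    check_dumpcap_state "$(stat -c %G "$path")" "$(stat -c %a "$path")" \
        "$(getcap "$path" 2>/dev/null)"
}

# Constructed sample input: a binary owned by group root, mode 755, no capabilities.
check_dumpcap_state root 755 "" || true
```

On a configured system, `audit_dumpcap` prints nothing and returns 0; any printed line names the step that did not take effect.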
Some explanation of capabilities with setcap:
Linux divides the privileges traditionally
associated with superuser into distinct units, known as capabilities,
which can be independently enabled and disabled. Capabilities are a
per-thread attribute.
CAP_NET_RAW
* use RAW and PACKET sockets;
* bind to any address for transparent proxying.
CAP_NET_ADMIN
Perform various network-related operations:
* interface configuration;
* administration of IP firewall, masquerading, and accounting;
* modify routing tables;
* bind to any address for transparent proxying;
* set type-of-service (TOS)
* clear driver statistics;
* set promiscuous mode;
* enabling multicasting;
The original article is at:
http://www.dickson.me.uk/2012/09/17/installing-wireshark-on-ubuntu-12-04-lts/