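Install Wireshark on Ubuntu 12.04 LTS and restrict packet capture to a single group, the wireshark group. You should be able to use these instructions to install Wireshark on other distributions as well.
I have only tested these steps on Ubuntu, but if they do not work for you, let me know and I will update the instructions.
First, we install wireshark from the terminal.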
Install wireshark:
sudo apt-get install wireshark
If you run wireshark as a non-superuser, you will get the message “No interface can be used for capturing in this system with the current configuration.” (see the figure above). The following steps fix this problem:
Create the wireshark group and add your user to it:
sudo groupadd wireshark
sudo usermod -a -G wireshark YOUR_USER_NAME
Change the group ownership of the dumpcap file to wireshark:
sudo chgrp wireshark /usr/bin/dumpcap
Change the file's permissions so that its group can execute it:
sudo chmod 750 /usr/bin/dumpcap
Grant the capabilities with setcap:
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
Verify that the change has been applied:
sudo getcap /usr/bin/dumpcap
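At this point you need to log out, and log back in so that the new group membership takes effect.
You should now be able to run wireshark as a non-superuser. As long as the user is in the wireshark group, basically everything should work.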
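The following audit script is an added example, not part of the original article. It checks that dumpcap ends up in the state the steps above describe (mode 750, group wireshark, exactly the two capabilities granted). The function names and the EXPECTED_GROUP variable are assumptions of this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original article): audit the dumpcap setup.
EXPECTED_GROUP=wireshark   # group name used in the steps above

# audit_dumpcap_state MODE GROUP GETCAP_LINE
# Prints one line per problem; returns the number of problems found.
audit_dumpcap_state() {
    local mode="$1" group="$2" caps="$3" problems=0 c
    # A non-zero last octal digit means "other" users have access, so any
    # local account could run dumpcap and use its capture capabilities.
    case $mode in
        750) ;;
        *[1-7]) echo "mode $mode: world-accessible, any local user can capture"
                problems=$((problems + 1)) ;;
        *) echo "mode $mode differs from the expected 750"
           problems=$((problems + 1)) ;;
    esac
    if [ "$group" != "$EXPECTED_GROUP" ]; then
        echo "group is '$group', expected '$EXPECTED_GROUP'"
        problems=$((problems + 1))
    fi
    # getcap prints "PATH = caps+eip" (older libcap) or "PATH caps=eip" (newer).
    caps=${caps##* }     # keep the last whitespace-separated field
    caps=${caps%[+=]*}   # drop the "+eip" / "=eip" flag suffix
    for c in cap_net_raw cap_net_admin; do
        case ",$caps," in
            *",$c,"*) ;;
            *) echo "missing capability $c"; problems=$((problems + 1)) ;;
        esac
    done
    # Anything beyond the two capabilities granted above is excess privilege.
    for c in $(echo "$caps" | tr ',' ' '); do
        case $c in
            cap_net_raw|cap_net_admin) ;;
            *) echo "unexpected capability $c"; problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Collect the live values (GNU stat and getcap assumed) and audit them.
audit_dumpcap_file() {
    local path="${1:-/usr/bin/dumpcap}"
    audit_dumpcap_state "$(stat -c %a "$path")" "$(stat -c %G "$path")" \
        "$(getcap "$path")"
}
```

Call audit_dumpcap_file with no arguments to check /usr/bin/dumpcap on the local machine; an empty output and exit status 0 mean the setup matches.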
Some explanation of the capabilities set with setcap:
Linux divides the privileges traditionally
associated with superuser into distinct units, known as capabilities,
which can be independently enabled and disabled. Capabilities are a
per-thread attribute.
CAP_NET_RAW
* use RAW and PACKET sockets;
* bind to any address for transparent proxying.
CAP_NET_ADMIN
Perform various network-related operations:
* interface configuration;
* administration of IP firewall, masquerading, and accounting;
* modify routing tables;
* bind to any address for transparent proxying;
* set type-of-service (TOS)
* clear driver statistics;
* set promiscuous mode;
* enabling multicasting;
The original article is at:
http://www.dickson.me.uk/2012/09/17/installing-wireshark-on-ubuntu-12-04-lts/