在Ubuntu 12.04 LTS上安裝wireshark

在Ubuntu 12.04 LTS上安裝wireshark並且限定數據包捕獲到一個組，也就是wireshark組。相信你能用這些指令在其他發行版上安裝wireshark。

雖然你只能讀到我在ubuntu上的測試，但是如果它不適合隨時告訴我，我將修改這些指令。

首先，我們從終端上安裝wireshark。

安裝wireshark：

sudo apt-get install wireshark







如果你以非超級用戶運行wireshark，你會得到一個信息 “No interface can be used for capturing in this system with the current configuration.”(參考上圖)。下列的步驟可以改正這個問題：

創建wireshark組：

sudo groupadd wireshark







把你的用戶名添加到wirehark組：

sudo usermod -a -G wireshark YOUR_USER_NAME





改變文件dumpcap的所屬組爲wireshark

sudo chgrp wireshark /usr/bin/dumpcap





改變文件的訪問權限爲所屬組可執行：

sudo chmod 750 /usr/bin/dumpcap




賦予setcap功能：

sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap




驗證是否已經修改成功：

sudo getcap /usr/bin/dumpcap

這時候，你需要註銷用戶。

現在你應該可以作爲一個非超級用戶登錄wireshark了，只要用戶是在wiresharp組內，基本上一切都可以正常工作了。

關於capabilities with setcap的一些解釋：

 Linux divides the privileges traditionally
       associated with superuser into distinct units, known as capabilities,
       which can be independently enabled and disabled.  Capabilities are a
       per-thread attribute.

CAP_NET_RAW
              * use RAW and PACKET sockets;
              * bind to any address for transparent proxying.

 CAP_NET_ADMIN
              Perform various network-related operations:
              * interface configuration;
              * administration of IP firewall, masquerading, and accounting;
              * modify routing tables;
              * bind to any address for transparent proxying;
              * set type-of-service (TOS)
              * clear driver statistics;
              * set promiscuous mode;
              * enabling multicasting;




本文的原址是：

http://www.dickson.me.uk/2012/09/17/installing-wireshark-on-ubuntu-12-04-lts/