在Ubuntu 12.04 LTS上安装wireshark

标签：wireshark安装

在Ubuntu 12.04 LTS上安装wireshark并且限定数据包捕获到一个组，也就是wireshark组。相信你能用这些指令在其他发行版上安装wireshark。

虽然你只能读到我在ubuntu上的测试，但是如果它不适合随时告诉我，我将修改这些指令。

首先，我们从终端上安装wireshark。

安装wireshark：

sudo apt-get install wireshark

如果你以非超级用户运行wireshark，你会得到一个信息 “No interface can be used for capturing in this system with the current configuration.”(参考上图)。下列的步骤可以改正这个问题：

创建wireshark组：

sudo usermod -a -G wireshark YOUR_USER_NAME


改变文件dumpcap的所属组为wireshark

sudo chgrp wireshark /usr/bin/dumpcap


改变文件的访问权限为所属组可执行：

sudo chmod 750 /usr/bin/dumpcap

赋予setcap功能：

sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

验证是否已经修改成功：

这时候，你需要注销用户。

现在你应该可以作为一个非超级用户登录wireshark了，只要用户是在wiresharp组内，基本上一切都可以正常工作了。

关于capabilities with setcap的一些解释：

 Linux divides the privileges traditionally
       associated with superuser into distinct units, known as capabilities,
       which can be independently enabled and disabled.  Capabilities are a
       per-thread attribute.

CAP_NET_RAW
              * use RAW and PACKET sockets;
              * bind to any address for transparent proxying.

 CAP_NET_ADMIN
              Perform various network-related operations:
              * interface configuration;
              * administration of IP firewall, masquerading, and accounting;
              * modify routing tables;
              * bind to any address for transparent proxying;
              * set type-of-service (TOS)
              * clear driver statistics;
              * set promiscuous mode;
              * enabling multicasting;

本文的原址是：

http://www.dickson.me.uk/2012/09/17/installing-wireshark-on-ubuntu-12-04-lts/


在Ubuntu 12.04 LTS上安装wireshark

标签：wireshark安装

原文地址：http://blog.csdn.net/lifan1314521/article/details/42969457