This post installs Wireshark on Ubuntu 12.04 LTS and limits packet capture to the members of one group, the wireshark group. I believe you can use these instructions to install Wireshark on other distributions.
I have only tested them on Ubuntu, though; if they are not appropriate, tell me at any time and I will modify these instructions.
First, we install Wireshark from the terminal.
Install Wireshark:
sudo apt-get install wireshark
If you run Wireshark as a non-superuser, you will get the message "No interface can be used for capturing in this system with the current configuration." (reference). The following steps correct this problem:
Create the wireshark group:
Add your user name to the wireshark group:
sudo usermod -a -G wireshark your_user_name
Change the group ownership of the dumpcap file to wireshark:
sudo chgrp wireshark /usr/bin/dumpcap
Change the file's access permissions so that the owning group can execute it:
sudo chmod 750 /usr/bin/dumpcap
Grant the capabilities with setcap:
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
Verify that the change was applied:
sudo getcap /usr/bin/dumpcap
At this point, you need to log out and back in so that the new group membership takes effect.
You should now be able to run Wireshark as a non-superuser; as long as the user is in the wireshark group, basically everything works.
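An added example, not part of the original article: a read-only check of the state the steps above should leave behind (mode, owning group, file capabilities, group membership). It assumes GNU stat and getcap are installed; the function names and the script name audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit of the dumpcap setup; changes nothing.
# Assumes GNU stat (as on Ubuntu) and getcap from libcap.

# True when FILE's permission bits are exactly 750 (no access for "other").
mode_ok() { [ "$(stat -c '%a' "$1" 2>/dev/null)" = "750" ]; }

# True when FILE's owning group is GROUP.
group_ok() { [ "$(stat -c '%G' "$1" 2>/dev/null)" = "$2" ]; }

# True when a getcap output line lists exactly cap_net_raw and cap_net_admin
# with flags eip. Handles both "file = caps+eip" (older libcap) and
# "file caps=eip" (newer libcap) output.
caps_ok() {
    spec=${1##* }                       # last field of the getcap line
    case $spec in *[+=]eip) ;; *) return 1 ;; esac
    names=${spec%[+=]eip}
    [ "$names" = "cap_net_admin,cap_net_raw" ] ||
        [ "$names" = "cap_net_raw,cap_net_admin" ]
}

# True when WORD occurs in the space-separated LIST (e.g. output of id -nG).
has_word() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# audit_dumpcap FILE GROUP USER: print one line per check and return the
# number of failed checks.
audit_dumpcap() {
    file=$1 group=$2 user=$3 fails=0
    report() { if [ "$1" -eq 0 ]; then echo "ok   $2"; else echo "FAIL $2"; fails=$((fails + 1)); fi; }
    mode_ok "$file";                         report $? "mode of $file is 750"
    group_ok "$file" "$group";               report $? "group of $file is $group"
    caps_ok "$(getcap "$file" 2>/dev/null)"; report $? "capabilities are net_raw,net_admin=eip"
    # id with a user name reads the group database; without one it shows
    # the groups of the calling session, which only change after re-login.
    has_word "$(id -nG "$user" 2>/dev/null)" "$group"; report $? "$user is in $group (database)"
    has_word "$(id -nG)" "$group";           report $? "this session has group $group"
    return "$fails"
}

# Runs only when three arguments are given, e.g.:
#   sh audit.sh /usr/bin/dumpcap wireshark your_user_name
if [ "$#" -eq 3 ]; then audit_dumpcap "$@"; fi
```

If the database check passes but the session check fails, the user has been added to the group but has not logged in again since.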
Some explanation of the capabilities granted with setcap:
Linux divides the privileges traditionally associated with the superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute.
cap_net_raw
* Use RAW and PACKET sockets;
* Bind to any address for transparent proxying.
cap_net_admin
Perform various network-related operations:
* Interface configuration;
* Administration of IP firewall, masquerading, and accounting;
* Modify routing tables;
* Bind to an address for transparent proxying;
* Set type-of-service (TOS);
* Clear driver statistics;
* Set promiscuous mode;
* Enabling multicasting.
The original address of this article is:
http://www.dickson.me.uk/2012/09/17/installing-wireshark-on-ubuntu-12-04-lts/