Install everything you need:
sudo apt-get install wireshark tshark libcap2-bin
According to
/usr/share/doc/wireshark/README.Debian you have to add your user to the group wireshark
# check group
cat /etc/group | grep wireshark
# create it if not exists
sudo groupadd wireshark
# add user to this new group
sudo usermod -a -G wireshark `whoami`
# check user groups
groups `whoami`
# yourusername : yourusergroup ..... wireshark
# or
cat /etc/group | grep wireshark
# wireshark:x:1002:yourusername
# log in to a new group
newgrp wireshark
Then lets add capture privileges
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges :
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 754 /usr/bin/dumpcap
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
# ensure that everything ok:
getcap /usr/bin/dumpcap
# /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
You shoud be able run tshark without sudo:
tshark -R 'ip.addr==178.159.244.20'
# amqp
tshark -i lo tcp port 5672
No comments:
Post a Comment