linux安装wireshark的注意事项

安装好了wireshark后普通用户运行发现找不到网卡，查了相关资料说是权限不够。

Installation of Wireshark:
$ sudo pacman -S wireshark


If you run wireshark as a non root user at this stage, you will get
the message “No interface can be used for capturing in this system with the current configuration.”. 
The following steps will rectify this.


1) Create the wireshark group.
$ sudo groupadd wireshark　　　　#这一步一般不需要，因为在安装的时候默认创建了这个用户组。


2) Add your username to the wireshark group
$ sudo usermod -a -G wireshark YOUR_USER_NAME


3) Change the group ownership of file dumpcap to wireshark
$ sudo chgrp wireshark /usr/bin/dumpcap


4) Change the mode of the file dumpcap to allow execution by the group wireshark
$ sudo chmod 750 /usr/bin/dumpcap


5) Grant capabilities with setcap, man capabilities(7), setcap(8), cap_from_text(3) for more info about what are "cap_net_raw", "cap_net_admin" and "eip". Anyway, after we grant the capabilities, the dump can perform various network-related operations, use RAW and PACKET sockets; bind to any address for transparent proxying.
$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap


6) Verify the change
$ sudo getcap /usr/bin/dumpcap
Output should be like below:
$ /usr/bin/dumpcap = cap_net_admin,cap_net_raw=eip


7) At this point, you will need to log out, then back into manjaro

 

目前用的是manjaro，其他的发行版也是类似的操作思路。