使用wiresharp时,出现使用root用户的警告

使用wiresharp时,执行命令:sudo wireshark

弹出错误:

Running as user "root" and group "root".
This could be dangerous.

If you're running Wireshark this way in order to perform live capture, 
you may want to be aware that there is a better way documented at

解决办法:

  改变/usr/share/dumpcap的group,添加一个group:wireshark,chgrp到wireshark组,再改成750权限

$ sudo -s
# groupadd wireshark
# usermod -a -G wireshark xxx  //xxx为自己的用户名
# chgrp wireshark /usr/bin/dumpcap
# chmod 4750 /usr/bin/dumpcap
# setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap  
# getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip

  用getcap /usr/bin/dumpcap,输出应当是/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip,说明生效

注意得注销一下才能生效

参考:http://blog.csdn.net/digimon/article/details/7220290

posted @ 2015-08-25 01:06  蛇吞象  阅读(1998)  评论(0编辑  收藏  举报