Installation is straightforward:
$ sudo apt-get install wireshark
During installation, a dialog box pops up:
┌─────────────────────┤ Configuring wireshark-common ├──────────────────────┐
│ │
│ Dumpcap can be installed in a way that allows members of the "wireshark" │
│ system group to capture packets. This is recommended over the │
│ alternative of running Wireshark/Tshark directly as root, because less │
│ of the code will run with elevated privileges. │
│ │
│ For more detailed information please see │
│ /usr/share/doc/wireshark-common/README.Debian. │
│ │
│ Enabling this feature may be a security risk, so it is disabled by │
│ default. If in doubt, it is suggested to leave it disabled. │
│ │
│ Should non-superusers be able to capture packets? │
│ │
│ <Yes> <No> │
│ │
└────────────────────────────────────────────────────────────────────┘
Accept the recommendation and choose <No>.
After installation, running wireshark as a regular user and starting a capture produces the message:
There are no interfaces on which a capture can be done.
The upper-left area of the main window shows:
Couldn’t run /usr/sbin/dumpcap in child process: Permission denied Are you a member of the ‘wireshark’ group? Try running ‘usermod -a -G wireshark your_username’ as root.
Fix: add the regular user xxf to the wireshark group, i.e.
usermod -a -G wireshark xxf
Log out the current user xxf, then log back in.
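The group change only reaches processes started in a new login session, which is why the re-login step matters. The shell script below is an added example, not part of the original post: it compares the groups of the running session with those recorded for the account, to tell "not in the group" apart from "in the group, but not yet logged in again". The dumpcap path and group name are taken from the error message above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: diagnose the "Permission denied" capture error shown above.
# Assumption: path and group name are the ones in this page's error message.
DUMPCAP=/usr/sbin/dumpcap
GROUP=wireshark

# has_group LIST NAME: succeed if NAME is a whole word in the
# space-separated LIST (so "wireshark-dev" does not match "wireshark").
has_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose SESSION_GROUPS ACCOUNT_GROUPS: print one of
#   ok          the current session already carries the group
#   relogin     the account is in the group, the session predates the change
#   not-member  the account is not in the group at all
diagnose() {
    if has_group "$1" "$GROUP"; then
        echo ok
    elif has_group "$2" "$GROUP"; then
        echo relogin
    else
        echo not-member
    fi
}

check_capture_access() {
    user=$(id -un)
    session=$(id -nG)            # groups of this running process
    account=$(id -nG "$user")    # groups recorded for the account
    echo "dumpcap: $(ls -l "$DUMPCAP" 2>/dev/null || echo "not found at $DUMPCAP")"
    case $(diagnose "$session" "$account") in
        ok)         echo "$user: this session has group $GROUP" ;;
        relogin)    echo "$user: in $GROUP, log out and back in to apply it" ;;
        not-member) echo "$user: not in $GROUP, as root run: usermod -a -G $GROUP $user" ;;
    esac
}

# Run the live check only when asked: sh thisfile.sh check
if [ "${1:-}" = "check" ]; then
    check_capture_access
fi
```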
References:
1. https://wiki.wireshark.org/CaptureSetup/CapturePrivileges
2. /usr/share/doc/wireshark-common/README.Debian