2f64ec0844
Indicate what you're supposed to do when running dpkg-reconfigure wireshark-common, and indicate that you have to run it as root using sudo. Emphasize in README.Debian, and indicate in the permission failure secondary message, that you have to add users to the "wireshark" group after doing that, and that a user may have to log out and log in again to make this change take effect. Bug: 14847 Change-Id: Ia83ff8e92bd2f00b6c3779272322a40201416da0 Reviewed-on: https://code.wireshark.org/review/28206 Reviewed-by: Guy Harris <guy@alum.mit.edu>
95 lines
4.3 KiB
Text
95 lines
4.3 KiB
Text
|
|
I. Capturing packets with Wireshark/Tshark
|
|
|
|
There are two ways of installing Wireshark/Tshark on Debian; the
|
|
installation process may offer a choice between these two ways,
|
|
asking "Should non-superuser be able to capture packets?"
|
|
|
|
I./a. Installing dumpcap without allowing non-root users to capture packets
|
|
|
|
Only root user will be able to capture packets. It is advised to capture
|
|
packets with the bundled dumpcap program as root and then run
|
|
Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]
|
|
|
|
This is the default on Debian systems; it is selected by answering
|
|
"<No>" to the question mentioned above.
|
|
|
|
I./b. Installing dumpcap and allowing non-root users to capture packets
|
|
|
|
Members of the wireshark group will be able to capture packets on network
|
|
interfaces. This is the preferred way of installation if Wireshark/Tshark
|
|
will be used for capturing and displaying packets at the same time, since
|
|
that way only the dumpcap process has to be run with elevated privileges
|
|
thanks to the privilege separation[1].
|
|
|
|
This is selected by answering "<Yes>" to the question mentioned
|
|
above.
|
|
|
|
Note that no user will be added to group wireshark automatically;
|
|
a system administrator has to add them manually, using the usermod
|
|
command:
|
|
|
|
sudo usermod -a -G wireshark {username}
|
|
|
|
or, if you're using a desktop environment that includes a tool for
|
|
managing users, such as the "Users and Groups" tool in GNOME (found
|
|
in the gnome-system-tools package), using that tool. After a user
|
|
is added to the wireshark group, she/he may need to log in again to
|
|
make her/his new group membership take effect and be able to capture
|
|
packets.
|
|
|
|
The additional privileges are provided using the Linux Capabilities
|
|
system where it is available and resorting to setting the set-user-id
|
|
bit of the dumpcap binary as a fall-back, where the Linux Capabilities
|
|
system is not present (Debian GNU/kFreeBSD, Debian GNU/Hurd).
|
|
|
|
Linux kernels provided by Debian support Linux Capabilities, but custom
|
|
built kernels may lack this support. If the support for Linux
|
|
Capabilities is not present at the time of installing wireshark-common
|
|
package, the installer will fall back to set the set-user-id bit to
|
|
allow non-root users to capture packets.
|
|
|
|
If installation succeeds with using Linux Capabilities, non-root users
|
|
will not be able to capture packets while running kernels not supporting
|
|
Linux Capabilities.
|
|
|
|
Note that capturing USB packets is not enabled for non-root users by using
|
|
Linux Capabilities. You have to capture the packets using the method
|
|
described in I./a., setting the set-user-id permanently using
|
|
dpkg-statoverride or running dumpcap as root.
|
|
|
|
The installation method can be changed any time by running:
|
|
|
|
sudo dpkg-reconfigure wireshark-common
|
|
|
|
The question mentioned above will be asked; answer "<Yes>" to it.
|
|
|
|
|
|
II. Installing SNMP MIBs
|
|
|
|
SNMP [4] OIDs can be decoded using MIBs provided by other packages.
|
|
wireshark-common suggests snmp-mibs-downloader which package can be used to
|
|
download a set of common MIBs Wireshark/Tshark tries to load at startup.
|
|
|
|
At the time of writing, MIBs are distributed under DFSG incompatible terms
|
|
[5] thus snmp-mibs-downloader has to be in the non-free archive area.
|
|
To keep wireshark in the main area [7], wireshark-common does not depend on
|
|
or recommend snmp-mibs-downloader and as a result snmp-mibs-downloader is
|
|
not installed automatically with wireshark.
|
|
|
|
To make Wireshark/Tshark able to decode OIDs, please install
|
|
snmp-mibs-downloader manually.
|
|
|
|
To help Wireshark/Tshark to decode OIDs without having to install packages
|
|
manually, please support the initiative of requesting additional rights
|
|
from RFC authors [5].
|
|
|
|
|
|
[1] https://wiki.wireshark.org/Development/PrivilegeSeparation
|
|
[2] https://wiki.wireshark.org/CaptureSetup/CapturePrivileges
|
|
[3] https://blog.wireshark.org/2010/02/running-wireshark-as-you
|
|
[4] https://wiki.wireshark.org/SNMP
|
|
[5] https://wiki.debian.org/NonFreeIETFDocuments
|
|
[6] https://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free
|
|
[7] https://www.debian.org/doc/debian-policy/ch-archive.html#s-main
|