$ cat /usr/share/doc/wireshark-common/README.Debian
$ cat /usr/share/doc/wireshark-common/README.Debian
I. Capturing packets with Wireshark/Tshark
There are two ways of installing Wireshark/Tshark on Debian:
I./a. Installing dumpcap without allowing non-root users to capture packets
Only root user will be able to capture packets. It is advised to capture
packets with the bundled dumpcap program as root and then run
Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]
This is the default on Debian systems.
I./b. Installing dumpcap and allowing non-root users to capture packets
Members of the wireshark group will be able to capture packets on network
interfaces. This is the preferred way of installation if Wireshark/Tshark
will be used for capturing and displaying packets at the same time, since
that way only the dumpcap process has to be run with elevated(提高的) privileges
thanks to the privilege separation[1].
Note that no user will be added to group wireshark automatically, the
system administrator has to add them manually.
The additional privileges are provided using the Linux Capabilities
system where it is available and resort(努力) to setting the set-user-id bit
of the dumpcap binary as a fall-back, where the Linux Capabilities system
is not present (Debian GNU/kFreeBSD, Debian GNU/Hurd).
Linux kernels provided by Debian support Linux Capabilities, but custom
built kernels may lack this support. If the support for Linux
Capabilities is not present at the time of installing wireshark-common
package, the installer will fall back to set the set-user-id bit to
allow non-root users to capture packets.
If installation succeeds with using Linux Capabilities, non-root users
will not be able to capture packets while running kernels not supporting
Linux Capabilities.
Note that capturing USB packets(USB网卡的数据包吗?) is not enabled for non-root users by using
Linux Capabilities. You have to capture the packets using the method
described in I./a., setting the set-user-id permanently using
dpkg-statoverride or running Wireshark as root.
The installation method can be changed any time by running:
dpkg-reconfigure wireshark-common
II. Installing SNMP MIBs
SNMP [4] OIDs can be decoded using MIBs provided by other packages.
wireshark-common suggests snmp-mibs-downloader which package can be used to
download a set of common MIBs Wireshark/Tshark tries to load at startup.
《
SNMP: 简单网络传输协议
OID:SNMP对象标识符
ubuntu 12.04 安装
$ sudo apt-get install snmp-mibs-downloader
》
At the time of writing, MIBs are distributed under DFSG incompatible terms
[5] thus snmp-mibs-downloader has to be in the non-free archive area.
To keep wireshark in the main area [7], wireshark-common does not depend on
or recommend snmp-mibs-downloader and as a result snmp-mibs-downloader is
not installed automatically with wireshark.
To make Wireshark/Tshark able to decode OIDs, please install
snmp-mibs-downloader manually.
To help Wireshark/Tshark to decode OIDs without having to install packages
manually, please support the initiative of requesting additional rights
from RFC authors [5].
[1] http://wiki.wireshark.org/Development/PrivilegeSeparation
[2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
[3] https://blog.wireshark.org/2010/02/running-wireshark-as-you
[4] http://wiki.wireshark.org/SNMP
[5] http://wiki.debian.org/NonFreeIETFDocuments
[6] http://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free
[7] http://www.debian.org/doc/debian-policy/ch-archive.html#s-main
最新文章
- JS:事件处理程序
- MYSQL #1064错误
- App技术框架
- ZOJ-3725 Painting Storages 动态规划
- UNIX 高手的 20 个习惯[转]
- Sicily1317-Sudoku-位运算暴搜
- Qt新建线程的方法(有QRunnable,QThreadPool,moveToThread和QtConcurrent的例子)
- 【雷神源码解析】无基础看懂AAC码流解析,看不懂你打我
- RGBA与Opacity
- p4中如何rollback/backout merge/integration
- 操作 html 的时候是使用 dom 方法还是字符串拼接?
- /usr/bin/perl:bad interpreter:No such file or directory 的解决办法
- COM动态添加删除成员,类似JavaScript中调用的对象
- webpack 支持的模块方法
- 让github忽略某些文件
- ssh scp命令详解
- OpenStack IceHouse 部署 - 2 - 网络与软件环境初始化
- 编写项目readme文件
- css 字体英文对照
- 使用rpmbuild打包时不对文件进行strip操作
热门文章
- Azkaban2.5安装部署(系统时区设置 + 安装和配置mysql + Azkaban Web Server 安装 + Azkaban Executor Server安装 + Azkaban web server插件安装 + Azkaban Executor Server 插件安装)(博主推荐)(五)
- 牛客网Java刷题知识点之抽象类与接口
- 开源项目android-uitableview介绍
- sql常用操作(一)
- 【css】css2实现两列三列布局的方法
- 为什么要用mallloc
- 前端APP打包管理规范
- Vue-Quill-Editor 修改配置,和图片上传
- Linux运维笔记--第三部
- 沙盒(SandBox)