Capturing packets with Wireshark as a regular (non-root) user on Linux
1. Ensure your Linux kernel and filesystem support file capabilities and that you have installed the necessary tools.
2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
3. Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture.
To limit capture to root and members of a single group:
1. Create user "wireshark" in group "wireshark".
2. "chgrp wireshark /usr/bin/dumpcap"
3. "chmod 754 /usr/bin/dumpcap"
4. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
5. Ensure Wireshark works only from root and from a user in the "wireshark" group.
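Note: if you compiled and installed Wireshark from source yourself, dumpcap is usually installed at /usr/local/bin/dumpcap by default, so you need to specify the correct path in the commands above.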
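An added example, not part of the original post or of Wireshark itself: a small audit for the group-restricted setup above. The function names are hypothetical, and the live check at the end assumes GNU stat and getcap are installed.

```sh
#!/bin/sh
# Added example (not from the original post): audit dumpcap against the
# group-restricted setup. Function names are hypothetical.

# has_cap NAME GETCAP_LINE: true if NAME is granted with +eip (older libcap
# output) or =eip (newer libcap output). Each whitespace-separated clause is
# checked on its own so "cap_net_raw+p cap_net_admin+eip" does not pass.
has_cap() {
    for clause in $2; do
        case $clause in
            *"$1"*[+=]eip) return 0 ;;
        esac
    done
    return 1
}

# audit_dumpcap MODE GROUP GETCAP_LINE: print findings, return 0 if clean.
audit_dumpcap() {
    mode=$1 group=$2 caps=$3 rc=0
    [ "$group" = "wireshark" ] || { echo "FAIL: group is '$group'"; rc=1; }
    case $mode in   # odd last octal digit = "other" may execute
        *[1357]) echo "FAIL: mode $mode lets any local user run dumpcap"; rc=1 ;;
    esac
    case $mode in   # four digits starting 4-7 = setuid bit present
        [4567]???) echo "FAIL: mode $mode is setuid, unneeded with file capabilities"; rc=1 ;;
    esac
    for want in cap_net_raw cap_net_admin; do
        has_cap "$want" "$caps" || { echo "FAIL: $want+eip not set"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: mode=$mode group=$group"
    return "$rc"
}

# Live check when a path is given, e.g.: sh audit.sh /usr/bin/dumpcap
if [ $# -gt 0 ]; then
    audit_dumpcap "$(stat -c %a "$1")" "$(stat -c %G "$1")" "$(getcap "$1")"
fi
```

Pass /usr/local/bin/dumpcap instead for a source build.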
For other systems, see the following link: http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
This link is displayed the first time you run Wireshark as root to capture packets; I suspect most people do not pay attention to that notice.