Query about monitoring unknown Internet traffic

Petter Adsen petter at synth.no
Sun Oct 18 09:14:39 UTC 2015


On Sun, 18 Oct 2015 19:17:43 +1100
Karl Auer <kauer at biplane.com.au> wrote:

> On Sun, 2015-10-18 at 09:43 +0200, Petter Adsen wrote:
> > I just tried to install wireshark on this machine. During the install
> > it showed me a dialog that asked me if members of the group 'wireshark'
> > should be able to capture packets. Say 'yes' to that dialog, add your
> > user to the 'wireshark' group, and log out and back in again so that
> > the new group is picked up. That should fix your problem.  
> 
> That's interesting. I installed the repo wireshark for Ubuntu 14.04-2
> LTS the day I installed the OS, because I use wireshark a fair bit. I
> don't recall that question, I have no wireshark group on my system, and
> obviously my username is not in that group.

This was on 15.04 with wireshark 1.12.1+g01b65bf-4+deb8u3build0.15.04.1
- I was pretty certain I got that question on either 14.04 or 14.10
also, but as the OP was also running 15.04 it was irrelevant at the
moment. The default choice in the dialog was 'no', though.

> So I just set up the group, added myself to it, logged out and back in
> and I'm now in the wireshark group. But starting wireshark as plain old
> me still results in no snoopable interfaces. I still have to run
> wireshark as root if I want to capture packets live on an interface.

Yes, but as the group wasn't added to the system during the
install, /usr/bin/dumpcap wouldn't have been setgid 'wireshark'.

> Anyway, this looks like the absolute horse's mouth:
> 
>    https://wiki.wireshark.org/CaptureSetup/CapturePrivileges
> 
> I haven't tried their techniques yet though.

The dialog also pointed to /usr/share/doc/wireshark/README.Debian,
which I assume says about the same thing as that web page. In short, it
should give you the choice (again, if you missed it) if you run
'dpkg-reconfigure wireshark-common'. It will then use capabilities, or
fall back to a suid binary if capabilities are not available.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."
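The following script is an added example, not code from this thread or from the Wireshark/Debian packaging. It checks the three things the discussion above turns on: whether /usr/bin/dumpcap carries file capabilities (cap_net_raw) or falls back to the setuid bit, who owns it and with what mode, and whether the current user is in the 'wireshark' group both in the group database and in the running session (the distinction behind the "log out and back in" advice). The binary path, the group name 'wireshark', GNU stat/id and getcap(8) from libcap are assumptions; override DUMPCAP and CAPGROUP in the environment if your system differs.

```shell
#!/bin/sh
# Added example; not code from the thread or from the Wireshark/Debian packaging.
# Reports how dumpcap is set up for non-root capture under the scheme the thread
# describes: file capabilities on dumpcap, setuid as fallback, access limited to
# group 'wireshark'. Assumed: path /usr/bin/dumpcap, group name 'wireshark',
# GNU stat/id, and getcap(8) present when capabilities are in use.

DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}
CAPGROUP=${CAPGROUP:-wireshark}

# Print which privilege mechanism a dumpcap binary relies on:
# "caps"    - cap_net_raw is in its file capabilities
# "setuid"  - the setuid bit is set (mode 4xxx), the fallback dpkg-reconfigure uses
# "none"    - neither, so only root can capture
# "missing" - no such file
dumpcap_mechanism() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    if command -v getcap >/dev/null 2>&1; then
        # getcap prints e.g. "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip"
        case "$(getcap "$f" 2>/dev/null)" in
            *cap_net_raw*) echo caps; return 0 ;;
        esac
    fi
    case "$(stat -c %a "$f" 2>/dev/null)" in
        4???) echo setuid; return 0 ;;
    esac
    echo none
}

# Succeed if user $1 is listed in group $2 in the group database (/etc/group, NSS).
in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Succeed if group $1 is among the *current session's* supplementary groups.
# A group added to the database only becomes effective after a fresh login,
# which is why adding yourself to 'wireshark' is not enough until you log out
# and back in.
session_in_group() {
    for g in $(id -Gn); do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

report() {
    me=$(id -un)
    echo "dumpcap: $DUMPCAP -> $(dumpcap_mechanism "$DUMPCAP")"
    if [ -e "$DUMPCAP" ]; then
        # Expected for the Debian scheme (assumption): owner root, group wireshark,
        # mode 750, so only group members can even execute the binary.
        echo "owner/group/mode: $(stat -c '%U %G %a' "$DUMPCAP")"
    fi
    if in_group "$me" "$CAPGROUP"; then
        if session_in_group "$CAPGROUP"; then
            echo "user $me: in group $CAPGROUP, active in this session"
        else
            echo "user $me: in group $CAPGROUP, but not yet in this session; log out and back in"
        fi
    else
        echo "user $me: not in group $CAPGROUP (sudo usermod -aG $CAPGROUP $me, then re-login)"
    fi
}

report
```

Run it as the user who wants to capture, not via sudo, since the session-group check is about that user's login session. If it reports "caps" or "setuid" but the user is in the group only in the database, the fix is a fresh login, not another dpkg-reconfigure.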
