[Please don't cc. me.] On Fri, 25 Jun 2010 21:29:50 +0200 Merciadri Luca <luca.mercia...@student.ulg.ac.be> wrote:
> Celejar wrote: > > On Fri, 25 Jun 2010 16:46:52 +0200 > > Merciadri Luca <luca.mercia...@student.ulg.ac.be> wrote: > > > > > > > > /usr/share/doc/wireshark-common/README.Debian discusses wireshark and > > necessary privileges. This came up a while back on the lists, and > > someone said that this README, while in Sid, is not in earlier Debian > > versions. > > > I had already read it, but here is what it gives me: > > == > Warning! > > Using the != operator on combined expressions like: eth.addr, ip.addr, > tcp.port, > udp.port and alike will probably not work as expected! Different README; mine doesn't have that stuff, but: I. Capturing packets with Wireshark/Tshark There are two ways of installing Wireshark/Tshark on Debian: I./a. Installing dumpcap and allowing non-root users to capture packets Members of the wireshark group will be able to capture packets on network interfaces. This is the preferred way of installation if Wireshark/Tshark will be used for capturing and displaying packets at the same time, since that way only the dumpcap process has to be run with elevated privileges thanks to the privilege separation[1]. Note that no user will be added to group wireshark automatically, the system administrator has to add them manually. The additional privileges are provided using the Linux Capabilities system where possible or using the set-user-id bit, where the Linux Capabilities are not present (Debian GNU/kFreeBSD, Debian GNU/Hurd). Linux kernels provided by Debian support Linux Capabilities, but custom built kernels may lack this support. If the support for Linux Capabilities is not present at the time of installing wireshark-common package, the installer will fall back to set the set-user-id bit to allow non-root users to capture packets. If installation succeeds with using Linux Capabilities, non-root users will not be able to capture packets while running kernels not supporting Linux Capabilities. I./b. Installing dumpcap without allowing non-root users to capture packets Only root user will be able to capture packets. It is advised to capture packets with the bundled dumpcap program as root and then run Wireshark/Tshark as an ordinary user to analyze the captured logs. [2] The installation method can be changed any time by running: dpkg-reconfigure wireshark-common Celejar -- foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100625161659.98bf2d17.cele...@gmail.com