Of course, if my network is down I'm not going to be able to download Wireshark. Fortunately, I remembered to re-install Wireshark on my new computer before I needed it. I installed it using the Ubuntu Software Centre.
A new feature of Wireshark that I didn't know about: If you add yourself to the "wireshark" group, you can do live captures without running Wireshark as root.
sudo adduser --disabled-login --disabled-password wireshark
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 754 /usr/bin/dumpcap
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
Now add yourself to the wireshark group and log out. When you log back in you should be able to do live captures without root privileges. To add yourself to the wireshark group in a terminal, type:
adduser your-user-name wireshark
The Wireshark documentation for this is here (scroll down a bit).
No comments:
Post a Comment