Although the Wireshark package list in the most Linux distribution repositories, the current or nearby release version almost not exist in the default repositories. This is why we need to do other choice by finding the PPA or compiling the Wireshark source.
Install Wireshark via PPA (# 1)
In a terminal, we have to add the PPA to the Lubuntu 14.04 system by using the sudo add-apt-repository ppa:pi-rho/security command.
next to update the local repository index with the latest change by using the sudo apt-get update command.
Finally, install the Wireshark package by using the sudo apt-get install wireshark command
In the installation process, we have to do other steps for the specific user to use wireshark if we choose the non-superusers can capture packets.
To create a new group 'wireshark' by using the sudo groupadd wireshark command
To add a login user to a specific group by using the sudo usermod -G wireshark -a
To change a group ownership of a file/files by using the sudo chgrp wireshark /usr/bin/dumpcap command
To set a file/directory permission by using the sudo chmod 750 /usr/bin/dumpcap command.
To grant the use of RAW/PACKET sockets(cap_net_raw) and various network-related operation(cap_net_admin) capabilities by using the sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap command. (# 2)
To verify this change by using the sudo getcap /usr/bin/dumpcap command.
At the moment, please log out and back in for the new group assignment to take effect and execute the wireshark command in the terminal. So do that we can see the full list of available adapters and can begin sniffing now.
Install Wireshark from Sources
Install the Wireshark required dependencies including tools/libs by using the sudo apt-get build-dep wireshark (# 3)
and sudo apt-get install qt4-default command.
To download the Wireshark archive from Wireshark Official WebSite or by using the wget https://2.na.dl.wireshark.org/src/wireshark-1.12.5.tar.bz2 --no-check-certificate command.
To unpack the Wireshark compressed file by using the tar -xjvf ./wireshark-1.12.5.tar.bz2 command and change directory to the extracted folder
To configure the build directory by using the ./autogen.sh script.
To compile the source for building correctly the Linux version by using the ./configure --enable-setcap-install script.
To build the sources by using the make command
To install the software by using the sudo make install command.
To run sudo ldconfig to properly update the shared library symbolic link.
Once the wireshark is installed, we can run it by using the wireshark command directly.
Reference :
(# 1). Remove Wireshark by using the sudo apt-get remove wireshark command
(# 2). eip indicate the capabilities list grants them in the effective, inheritable, and permitted bitmaps, respectively.
(# 3). If we got the error message as follows:
To resolve it by using the sudo apt-get install libjack0 command
and sudo apt-get install libcap-dev command
沒有留言:
張貼留言