Capturing packets with Wireshark as a regular (non-root) Linux user
1. Ensure your Linux kernel and filesystem support File Capabilities and that the necessary tools are installed.
2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
3. Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture.

To limit capture to a single group instead:
1. Create user "wireshark" in group "wireshark".
2. "chgrp wireshark /usr/bin/dumpcap"
3. "chmod 754 /usr/bin/dumpcap"
4. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
5. Ensure Wireshark works only from root and from a user in the "wireshark" group.
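Note: if you compiled and installed Wireshark from source, dumpcap is usually installed to /usr/local/bin/dumpcap by default, so you need to specify the correct path.
For other systems, see the following link: http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
This link is displayed the first time you run Wireshark as root to capture packets; I suspect most people don't pay attention to that message.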
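To confirm the result of the group-restricted steps, the following added example (not from the original page or from the Wireshark project) audits a dumpcap binary. The function names are hypothetical, and it assumes getcap from libcap and GNU stat are installed; the getcap output styles it accepts are the two printed by older and newer libcap releases.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes getcap (libcap) and GNU stat.

# has_capture_caps LINE: succeed if a getcap output line lists both
# capabilities with the effective (e) and permitted (p) flags. Accepts
# "path = caps+eip" and "path caps=eip", the two styles getcap prints.
has_capture_caps() {
    line=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case $line in *cap_net_raw*) ;; *) return 1 ;; esac
    case $line in *cap_net_admin*) ;; *) return 1 ;; esac
    flags=${line##*[+=]}            # flag letters after the last '+' or '='
    case $flags in *e*) ;; *) return 1 ;; esac
    case $flags in *p*) ;; *) return 1 ;; esac
    return 0
}

# group_only_exec MODE GROUP: succeed if the file group is "wireshark",
# the group may execute and "other" may not (mode 754 satisfies this).
group_only_exec() {
    [ "$2" = "wireshark" ] || return 1
    other=${1#"${1%?}"}             # last octal digit
    rest=${1%?}
    group=${rest#"${rest%?}"}       # second-to-last octal digit
    [ $(( ${group:-0} & 1 )) -eq 1 ] && [ $(( ${other:-0} & 1 )) -eq 0 ]
}

# audit_dumpcap PATH: run both checks against a real binary.
audit_dumpcap() {
    bin=$1
    rc=0
    has_capture_caps "$(getcap "$bin")" || { echo "FAIL: capabilities on $bin"; rc=1; }
    set -- $(stat -c '%a %G' "$bin")
    group_only_exec "$1" "$2" || { echo "FAIL: mode $1, group $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $bin"
    return "$rc"
}

# Runs only when a path is given, e.g.: sh audit.sh /usr/local/bin/dumpcap
if [ -n "${1:-}" ]; then audit_dumpcap "$1"; fi
```

Re-run it after package upgrades or a rebuild from source, since replacing the binary drops the file capabilities and resets group and mode.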