#author("2024-06-14T11:53:28+09:00","default:honma","honma")
* Installing Wireshark on Ubuntu [#h024ad50]

My home Windows 10 machine died, so it is starting a new life as an Ubuntu machine.~
Given my line of work, not having Wireshark installed is inconvenient, so here is a recap of the install procedure.~
I touched on this in [[WiFiパケットの取得]] too, but the correct procedure is the one here.

 $ sudo apt install wireshark

That's all.

 Dumpcap can be installed in a way that allows members of the "wireshark"
 system group to capture packets. This is recommended over the
 alternative of running Wireshark/Tshark directly as root, because less
 of the code will run with elevated privileges.
 
 For more detailed information please see
 /usr/share/doc/wireshark-common/README.Debian.gz once the package is
 installed.
 
 Enabling this feature may be a security risk, so it is disabled by
 default. If in doubt, it is suggested to leave it disabled.
 
 Should non-superusers be able to capture packets?

This question comes up, and since it asks whether non-superusers should be able to capture packets, I chose "Yes" without hesitation.~
Since the prompt says there is more detailed information in /usr/share/doc/wireshark-common/README.Debian.gz, I read it with

 $ zcat /usr/share/doc/wireshark-common/README.Debian.gz
 
 I. Capturing packets with Wireshark/Tshark
 
    There are two ways of installing Wireshark/Tshark on Debian; the
    installation process may offer a choice between these two ways,
    asking "Should non-superuser be able to capture packets?"
 
    I./a. Installing dumpcap without allowing non-root users to capture packets
 
       Only root user will be able to capture packets. It is advised to capture
       packets with the bundled dumpcap program as root and then run
       Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]
 
       This is the default on Debian systems; it is selected by answering
       "<No>" to the question mentioned above.
 
    I./b. Installing dumpcap and allowing non-root users to capture packets
 
       Members of the wireshark group will be able to capture packets on network
       interfaces. This is the preferred way of installation if Wireshark/Tshark
       will be used for capturing and displaying packets at the same time, since
       that way only the dumpcap process has to be run with elevated privileges
       thanks to the privilege separation[1].
 
       This is selected by answering "<Yes>" to the question mentioned
       above.
 
       Note that no user will be added to group wireshark automatically;
       a system administrator has to add them manually, using the usermod
       command:
 
          sudo usermod -a -G wireshark {username}
 
       or, if you're using a desktop environment that includes a tool for
       managing users, such as the "Users and Groups" tool in GNOME (found
       in the gnome-system-tools package), using that tool.  After a user
       is added to the wireshark group, she/he may need to log in again to
       make her/his new group membership take effect and be able to capture
       packets.
 
       The additional privileges are provided using the Linux Capabilities
       system where it is available and resorting to setting the set-user-id
       bit of the dumpcap binary as a fall-back, where the Linux Capabilities
       system is not present (Debian GNU/kFreeBSD, Debian GNU/Hurd).
 
       Linux kernels provided by Debian support Linux Capabilities, but custom
       built kernels may lack this support. If the support for Linux
       Capabilities is not present at the time of installing wireshark-common
       package, the installer will fall back to set the set-user-id bit to
       allow non-root users to capture packets.
 
       If installation succeeds with using Linux Capabilities, non-root users
       will not be able to capture packets while running kernels not supporting
       Linux Capabilities.
 
       Note that capturing USB packets is not enabled for non-root users by using
       Linux Capabilities. You have to capture the packets using the method
       described in I./a., setting the set-user-id permanently using
       dpkg-statoverride or running dumpcap as root.
 
       The installation method can be changed any time by running:
 
          sudo dpkg-reconfigure wireshark-common
 
       The question mentioned above will be asked; answer "<Yes>" to it.
 
 
 II. Installing SNMP MIBs
 
     SNMP [4] OIDs can be decoded using MIBs provided by other packages.
     wireshark-common suggests snmp-mibs-downloader which package can be used to
     download a set of common MIBs Wireshark/Tshark tries to load at startup.
 
     At the time of writing, MIBs are distributed under DFSG incompatible terms
     [5] thus snmp-mibs-downloader has to be in the non-free archive area.
     To keep wireshark in the main area [7], wireshark-common does not depend on
     or recommend snmp-mibs-downloader and as a result snmp-mibs-downloader is
     not installed automatically with wireshark.
 
     To make Wireshark/Tshark able to decode OIDs, please install
     snmp-mibs-downloader manually.
 
     To help Wireshark/Tshark to decode OIDs without having to install packages
     manually, please support the initiative of requesting additional rights
     from RFC authors [5].
 
 
    [1] https://gitlab.com/wireshark/wireshark/-/wikis/Development/PrivilegeSeparation
    [2] https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges
    [3] https://blog.wireshark.org/2010/02/running-wireshark-as-you
    [4] https://gitlab.com/wireshark/wireshark/-/wikis/SNMP
    [5] https://wiki.debian.org/NonFreeIETFDocuments
    [6] https://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free
    [7] https://www.debian.org/doc/debian-policy/ch-archive.html#s-main

which is how I confirmed the above.

This time I granted access rights as follows.

 $ sudo usermod -a -G wireshark {username}

Incidentally, the setting can be changed again as follows.

 $ sudo dpkg-reconfigure wireshark-common
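The debconf question above and the usermod/dpkg-reconfigure steps together decide who can sniff on this host, so it is worth knowing exactly what "Yes" hands out. On a kernel with capabilities, wireshark-common applies file capabilities to dumpcap (cap_net_raw, which opens raw sockets on every interface, and cap_net_admin, which can change interface state such as promiscuous mode) and installs the binary as root:wireshark with mode 0750, so membership in the wireshark group is effectively the right to read all traffic the machine sees; that is the "security risk" the prompt warns about. The script below is an added example, not code from this page or from the Wireshark project: it checks the three pieces that have to line up (group membership, the group-execute bit on dumpcap, and the capability set as printed by getcap) and names the missing one. It assumes the Debian defaults of /usr/bin/dumpcap and the group name wireshark; the sample inputs at the end are constructed, not taken from a real host.

```shell
#!/bin/sh
# Added example (not from the page or the Wireshark project): check whether a
# user on a Debian/Ubuntu box ends up able to capture through dumpcap's
# privilege separation, and say which piece is missing if not.
#
# Assumptions: dumpcap is /usr/bin/dumpcap and the capture group is "wireshark"
# (the wireshark-common defaults); answering "Yes" makes the package grant
# cap_net_raw and cap_net_admin to the binary. Demo inputs at the bottom are
# constructed, not captured from a real host.

DUMPCAP=/usr/bin/dumpcap
CAPGROUP=wireshark

# 0 if a `getcap` output line carries both cap_net_raw and cap_net_admin with
# the effective (e) and permitted (p) flags. Handles both libcap output styles:
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (newer libcap)
caps_allow_capture() {
    line=$1
    case $line in *cap_net_raw*)   ;; *) return 1 ;; esac
    case $line in *cap_net_admin*) ;; *) return 1 ;; esac
    flags=${line##*[=+]}            # text after the last '=' or '+'
    case $flags in *e*) ;; *) return 1 ;; esac
    case $flags in *p*) ;; *) return 1 ;; esac
    return 0
}

# 0 if a user (space-separated group list, as from `id -nG`) may execute the
# binary whose owning group and octal mode (as from `stat -c '%G %a'`) are
# given. wireshark-common installs dumpcap as root:wireshark mode 0750, so the
# group execute bit is the gate; a world-executable mode would bypass it.
group_allows_exec() {
    groups=$1; fgroup=$2; mode=$3
    od=${mode#"${mode%?}"}              # last octal digit: "other" bits
    gd=${mode%?}; gd=${gd#"${gd%?}"}    # second-to-last digit: "group" bits
    [ $((od & 1)) -eq 1 ] && return 0   # world-executable: no group gate at all
    [ $((gd & 1)) -eq 1 ] || return 1   # group cannot execute either
    for g in $groups; do [ "$g" = "$fgroup" ] && return 0; done
    return 1
}

# Combine both checks: prints a verdict and returns 0 when capture should work.
capture_verdict() {
    groups=$1; fgroup=$2; mode=$3; capline=$4
    if ! group_allows_exec "$groups" "$fgroup" "$mode"; then
        echo "no: not in group '$fgroup' for this session (usermod -a -G $fgroup, then log in again, or: sg $fgroup -c 'dumpcap -D')"
        return 1
    fi
    if ! caps_allow_capture "$capline"; then
        echo "no: $DUMPCAP lacks cap_net_raw,cap_net_admin=eip (answer Yes in: sudo dpkg-reconfigure wireshark-common)"
        return 1
    fi
    echo "yes: only dumpcap runs with cap_net_raw,cap_net_admin; Wireshark itself stays unprivileged"
    return 0
}

# Live check of this host, skipped where dumpcap or getcap is absent.
if [ -e "$DUMPCAP" ] && command -v getcap >/dev/null 2>&1; then
    capture_verdict "$(id -nG)" "$(stat -c '%G' "$DUMPCAP" 2>/dev/null)" \
        "$(stat -c '%a' "$DUMPCAP" 2>/dev/null)" "$(getcap "$DUMPCAP" 2>/dev/null)" || true
fi

# Constructed inputs covering the three states a practitioner will meet.
capture_verdict "alice adm sudo"           $CAPGROUP 750 "$DUMPCAP cap_net_admin,cap_net_raw=eip"  || true  # forgot usermod / re-login
capture_verdict "alice adm sudo wireshark" $CAPGROUP 750 ""                                         || true  # answered "No"
capture_verdict "alice adm sudo wireshark" $CAPGROUP 750 "$DUMPCAP = cap_net_admin,cap_net_raw+eip" || true  # working setup
```

Run it as the user you added. The live check reflects the groups of the current login session, so right after usermod it will still report "not in group" until you log in again or open a subshell with `sg wireshark -c 'dumpcap -D'`. If you later want to take capture away from everyone, `sudo dpkg-reconfigure wireshark-common` and answer No: the package then removes the capabilities, and the getcap check here goes back to "no".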

