setting up Wireshark and tshark

Discussion in 'all things UNIX' started by iceni60, May 4, 2012.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    This is so you can run both Wireshark and tshark as a user rather than as root, which is dangerous.

    Code:
    sudo apt-get install libcap2-bin wireshark 
    sudo chgrp admin /usr/bin/dumpcap 
    sudo chmod 750 /usr/bin/dumpcap 
    sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
    hopefully someone will find it useful :)

    I was following this and getting this error -
    Code:
    tshark: Lua: Error during loading:
     [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled
    the above commands, in the first code box, fixed the problem for me :)

    1. Run the following command (as root or sudo root) to list the network interfaces:

    tshark -D

    2. Let us say you want to trace eth0, run the following command:

    tshark -F libpcap -w /tmp/eth0_tshark_trace.pcap -i eth0

    -F libpcap specifies the file format of the trace. SAP support usually requests libpcap.
    -w /tmp/eth0_tshark_trace.pcap specifies the file name where the trace is written.
    -i eth0 specifies that the trace is being written for the network interface eth0.

    If you want to see the trace on the screen, use the following command:

    tshark -i eth0

    3. Once you have recreated the problem, close tshark with Ctrl+C
     
    Last edited: May 4, 2012
  2. tlu

    tlu Guest

    Exactly. One small additional comment: In Ubuntu 12.04 the "admin" group has been renamed to "adm".

    So the 2nd command should look like this:

    sudo chgrp adm /usr/bin/dumpcap

    Normally I have no use for Wireshark. But recently I installed it to check if DNSCrypt is working on my system following the advice here. It does :) I had installed it using the method described here which changed compared to Ubuntu 11.10 due to 12.04 using dnsmasq as a local DNS cache.
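
A check for the setup described in this thread, added here as an example and not code from either poster: it verifies the mode, group and file capabilities that the `chgrp`, `chmod` and `setcap` commands are meant to leave on dumpcap. The function names `audit_dumpcap` and `audit_live` are made up for this example, and the sample values at the end are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the dumpcap setup shown above.
# audit_dumpcap MODE GROUP "GETCAP-LINE" prints findings; exit status = their count.
audit_dumpcap() (
    mode=$1; group=$2; capline=$3; n=0
    fail() { echo "FAIL: $1"; n=$((n + 1)); }

    # chmod 750: owner and group only. No setuid/setgid bit is needed,
    # because the file capabilities carry the capture privilege.
    [ $(( 0$mode & 07 )) -eq 0 ]    || fail "mode $mode grants access to users outside the group"
    [ $(( 0$mode & 06000 )) -eq 0 ] || fail "mode $mode has a setuid/setgid bit"
    [ $(( 0$mode & 010 )) -ne 0 ]   || fail "mode $mode: group members cannot execute dumpcap"

    # chgrp admin (the group is adm on Ubuntu 12.04, per the reply above).
    case $group in
        admin|adm) ;;
        *) fail "group is '$group', expected admin or adm" ;;
    esac

    # getcap prints "path = caps+eip" (older libcap) or "path caps=eip" (newer).
    spec=${capline##* }
    caps=$(printf '%s' "${spec%[+=]*}" | tr ',' '\n' | sort | tr '\n' ',')
    flags=${spec##*[+=]}
    [ "$caps" = "cap_net_admin,cap_net_raw," ] ||
        fail "capabilities '${caps%,}' are not exactly cap_net_admin,cap_net_raw"
    [ "$flags" = "eip" ] || fail "capability flags '$flags' differ from the thread's +eip"
    exit "$n"
)

# Hypothetical helper: read the real values (GNU stat, getcap from libcap2-bin).
audit_live() {
    bin=${1:-/usr/bin/dumpcap}
    [ -e "$bin" ] || { echo "SKIP: $bin not found"; return 0; }
    audit_dumpcap "$(stat -c %a "$bin")" "$(stat -c %G "$bin")" "$(getcap "$bin" 2>/dev/null)"
}

# Constructed sample values (not taken from a real host):
audit_dumpcap 750 adm "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" &&
    echo "constructed sample: OK"
```

On a real system, call `audit_live` after running the commands from the first post; a non-zero exit status is the number of findings.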
     