Simple Wireshark appliance using the Raspberry Pi
Install Wireshark
Fire up a terminal
sudo apt-get install wireshark
Once that is complete, do not start Wireshark yet; you need to configure access to your LAN card first
sudo groupadd wireshark
Add your username to the wireshark group
sudo usermod -a -G wireshark YOUR_NAME_HERE
Change the group ownership of dumpcap to wireshark
sudo chgrp wireshark /usr/bin/dumpcap
Change the mode of dumpcap so that it can be executed by the group (and not by other users)
sudo chmod 750 /usr/bin/dumpcap
Grant capabilities with setcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
Verify the change
sudo getcap /usr/bin/dumpcap
Now log off or restart your Pi and fire up Wireshark
See how easy that was? Google Wireshark for how-tos.
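The steps above can be audited with a small script. This is an added example, not part of the original post: check_dumpcap is a hypothetical helper name, and it takes the group, mode, getcap line and session groups as strings so the logic can also be run on constructed values.

```shell
#!/bin/sh
# Added example: audit the dumpcap setup steps from the post.
# check_dumpcap is a hypothetical helper, not part of Wireshark.

# check_dumpcap GROUP MODE GETCAP_LINE USER_GROUPS
# Prints one line per problem; returns 0 only when every check passes.
check_dumpcap() {
    grp=$1; mode=$2; caps=$3; user_groups=$4
    rc=0

    # Step: chgrp wireshark /usr/bin/dumpcap
    [ "$grp" = "wireshark" ] || { echo "group is '$grp', expected wireshark"; rc=1; }

    # Step: chmod 750. "Other" must have no access, otherwise any local
    # user can run the capability-bearing binary and capture traffic.
    case "$mode" in
        *0) ;;
        *)  echo "mode $mode lets users outside the group reach dumpcap"; rc=1 ;;
    esac

    # Step: setcap. getcap prints "= caps+eip" (older libcap) or "caps=eip" (newer).
    for cap in cap_net_raw cap_net_admin; do
        case "$caps" in
            *"$cap"*) ;;
            *) echo "missing capability $cap"; rc=1 ;;
        esac
    done
    case "$caps" in
        *+eip|*=eip) ;;
        *) echo "capability flags are not eip"; rc=1 ;;
    esac

    # Step: usermod -a -G wireshark. Takes effect only after a new login.
    case " $user_groups " in
        *" wireshark "*) ;;
        *) echo "this session is not in the wireshark group (log in again?)"; rc=1 ;;
    esac
    return $rc
}

# Live audit of this machine: sh check_dumpcap.sh --live
if [ "${1:-}" = "--live" ]; then
    f=/usr/bin/dumpcap
    PATH=$PATH:/sbin:/usr/sbin
    check_dumpcap "$(stat -c %G "$f")" "$(stat -c %a "$f")" \
        "$(getcap "$f")" "$(id -nG)" && echo "dumpcap setup OK"
fi
```

Run it with --live as the user who will start Wireshark, not with sudo, so that the group check reflects that user's current login session.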
Thanks for the lovely writeup. I am currently getting the error shown below. Please help.
pi@zoompi:~ $ wireshark
Unable to init server: Could not connect: Connection refused
(wireshark:4052): Gtk-WARNING **: cannot open display:
Did you change the permissions on /usr/bin/dumpcap?