Thursday, July 30, 2015

Wireshark Raspberry Pi

A simple Wireshark appliance using the Raspberry Pi

Install Wireshark

Fire up a terminal

sudo apt-get install wireshark

Once that is complete, do not start Wireshark yet; you first need to configure capture permissions for your LAN card. Start by creating a wireshark group:

sudo groupadd wireshark

Add your username to the wireshark group

sudo usermod -a -G wireshark YOUR_NAME_HERE

Change the group ownership of dumpcap to wireshark

sudo chgrp wireshark /usr/bin/dumpcap

Change the mode of the file dumpcap to allow execution by the group

sudo chmod 750 /usr/bin/dumpcap

Grant capabilities with setcap

sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Verify the change

sudo getcap /usr/bin/dumpcap

Now log off or restart your Pi and fire up Wireshark
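If you want to do the whole dumpcap setup above in one go and check that it took, here is a small script that does it. This is an added example, not part of the original post; it assumes the Debian/Raspbian layout used above (/usr/bin/dumpcap, sudo available, GNU stat and getent present) and it only touches the system when you pass a username. The point of the setup is that only the tiny dumpcap helper gets cap_net_raw and cap_net_admin, so the big Wireshark GUI and all its dissectors run as your normal user instead of root.

```shell
#!/bin/sh
# Added example (not from the original post): apply and verify the
# non-root capture permissions for dumpcap described in the post.
# Assumes /usr/bin/dumpcap, sudo, GNU stat and getent (Raspbian/Debian).
set -eu

DUMPCAP=/usr/bin/dumpcap
GROUP=wireshark

# Return 0 if a getcap output line shows cap_net_admin and cap_net_raw
# as effective+inheritable+permitted (what "setcap ...=eip" grants).
# Matches both the older "= cap_a,cap_b+eip" and newer "cap_a,cap_b=eip"
# output styles; setcap lists capabilities in numeric order, so
# cap_net_admin comes before cap_net_raw.
caps_ok() {
    case "$1" in
        *cap_net_admin*cap_net_raw*eip*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the file's group is the wireshark group and the mode is 750,
# i.e. only root and group members may run dumpcap.
perms_ok() {
    if [ "$1" = "$GROUP" ] && [ "$2" = "750" ]; then return 0; fi
    return 1
}

# The post's steps, in order, for the user given as $1.
setup_capture_perms() {
    user="$1"
    sudo apt-get install -y wireshark
    getent group "$GROUP" >/dev/null || sudo groupadd "$GROUP"
    sudo usermod -a -G "$GROUP" "$user"
    sudo chgrp "$GROUP" "$DUMPCAP"
    sudo chmod 750 "$DUMPCAP"
    sudo setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
}

# The post's "verify the change" step, made into a pass/fail check.
verify_capture_perms() {
    caps_ok "$(getcap "$DUMPCAP")" || {
        echo "capabilities missing on $DUMPCAP" >&2; return 1; }
    perms_ok "$(stat -c %G "$DUMPCAP")" "$(stat -c %a "$DUMPCAP")" || {
        echo "$DUMPCAP is not group $GROUP with mode 750" >&2; return 1; }
    echo "ok: $DUMPCAP is group $GROUP, mode 750, caps cap_net_raw,cap_net_admin"
}

# Usage: sh wireshark-setup.sh pi
# With no argument nothing on the system is changed.
if [ $# -ge 1 ]; then
    setup_capture_perms "$1"
    verify_capture_perms
fi
```

You still need to log off and back on after running it so the new group membership takes effect. On Debian-based systems the same group and setcap configuration is also offered by the package itself via sudo dpkg-reconfigure wireshark-common, which is handy if you would rather not type the steps by hand.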

See how easy that was? Google "wireshark how-to" for more.

2 comments:

  1. Thanks for the lovely write-up. I am currently getting the error shown below. Please help.
    pi@zoompi:~ $ wireshark
    Unable to init server: Could not connect: Connection refused

    (wireshark:4052): Gtk-WARNING **: cannot open display:

  2. Did you change the permissions on /usr/bin/dumpcap?
