2 I. Capturing packets with Wireshark/Tshark
4 There are two ways of installing Wireshark/Tshark on Debian:
6 I./a. Installing dumpcap without allowing non-root users to capture packets
8 Only root user will be able to capture packets. It is advised to capture
9 packets with the bundled dumpcap program as root and then run
10 Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]
12 This is the default on Debian systems.
14 I./b. Installing dumpcap and allowing non-root users to capture packets
16 Members of the wireshark group will be able to capture packets on network
17 interfaces. This is the preferred way of installation if Wireshark/Tshark
18 will be used for capturing and displaying packets at the same time, since
19 that way only the dumpcap process has to be run with elevated privileges
20 thanks to the privilege separation[1].
22 Note that no user will be added to group wireshark automatically, the
23 system administrator has to add them manually. After a user is added
24 to the wireshark group she/he may need to log in again to make her/his new
25 group membership take effect and be able to capture packets.
27 The additional privileges are provided using the Linux Capabilities
28 system where it is available and resort to setting the set-user-id bit
29 of the dumpcap binary as a fall-back, where the Linux Capabilities system
30 is not present (Debian GNU/kFreeBSD, Debian GNU/Hurd).
32 Linux kernels provided by Debian support Linux Capabilities, but custom
33 built kernels may lack this support. If the support for Linux
34 Capabilities is not present at the time of installing wireshark-common
35 package, the installer will fall back to set the set-user-id bit to
36 allow non-root users to capture packets.
38 If installation succeeds with using Linux Capabilities, non-root users
39 will not be able to capture packets while running kernels not supporting
42 Note that capturing USB packets is not enabled for non-root users by using
43 Linux Capabilities. You have to capture the packets using the method
44 described in I./a., setting the set-user-id permanently using
45 dpkg-statoverride or running Wireshark as root.
47 The installation method can be changed any time by running:
48 dpkg-reconfigure wireshark-common
51 II. Installing SNMP MIBs
53 SNMP [4] OIDs can be decoded using MIBs provided by other packages.
54 wireshark-common suggests snmp-mibs-downloader which package can be used to
55 download a set of common MIBs Wireshark/Tshark tries to load at startup.
57 At the time of writing, MIBs are distributed under DFSG incompatible terms
58 [5] thus snmp-mibs-downloader has to be in the non-free archive area.
59 To keep wireshark in the main area [7], wireshark-common does not depend on
60 or recommend snmp-mibs-downloader and as a result snmp-mibs-downloader is
61 not installed automatically with wireshark.
63 To make Wireshark/Tshark able to decode OIDs, please install
64 snmp-mibs-downloader manually.
66 To help Wireshark/Tshark to decode OIDs without having to install packages
67 manually, please support the initiative of requesting additional rights
71 [1] https://wiki.wireshark.org/Development/PrivilegeSeparation
72 [2] https://wiki.wireshark.org/CaptureSetup/CapturePrivileges
73 [3] https://blog.wireshark.org/2010/02/running-wireshark-as-you
74 [4] https://wiki.wireshark.org/SNMP
75 [5] https://wiki.debian.org/NonFreeIETFDocuments
76 [6] https://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free
77 [7] https://www.debian.org/doc/debian-policy/ch-archive.html#s-main