diff options
Diffstat (limited to 'debian/README.Debian')
-rw-r--r-- | debian/README.Debian | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 00000000..f52ffe65 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,94 @@ + +I. Capturing packets with Wireshark/Tshark + + There are two ways of installing Wireshark/Tshark on Debian; the + installation process may offer a choice between these two ways, + asking "Should non-superuser be able to capture packets?" + + I./a. Installing dumpcap without allowing non-root users to capture packets + + Only root user will be able to capture packets. It is advised to capture + packets with the bundled dumpcap program as root and then run + Wireshark/Tshark as an ordinary user to analyze the captured logs. [2] + + This is the default on Debian systems; it is selected by answering + "<No>" to the question mentioned above. + + I./b. Installing dumpcap and allowing non-root users to capture packets + + Members of the wireshark group will be able to capture packets on network + interfaces. This is the preferred way of installation if Wireshark/Tshark + will be used for capturing and displaying packets at the same time, since + that way only the dumpcap process has to be run with elevated privileges + thanks to the privilege separation[1]. + + This is selected by answering "<Yes>" to the question mentioned + above. + + Note that no user will be added to group wireshark automatically; + a system administrator has to add them manually, using the usermod + command: + + sudo usermod -a -G wireshark {username} + + or, if you're using a desktop environment that includes a tool for + managing users, such as the "Users and Groups" tool in GNOME (found + in the gnome-system-tools package), using that tool. After a user + is added to the wireshark group, she/he may need to log in again to + make her/his new group membership take effect and be able to capture + packets. + + The additional privileges are provided using the Linux Capabilities + system where it is available and resorting to setting the set-user-id + bit of the dumpcap binary as a fall-back, where the Linux Capabilities + system is not present (Debian GNU/kFreeBSD, Debian GNU/Hurd). + + Linux kernels provided by Debian support Linux Capabilities, but custom + built kernels may lack this support. If the support for Linux + Capabilities is not present at the time of installing wireshark-common + package, the installer will fall back to set the set-user-id bit to + allow non-root users to capture packets. + + If installation succeeds with using Linux Capabilities, non-root users + will not be able to capture packets while running kernels not supporting + Linux Capabilities. + + Note that capturing USB packets is not enabled for non-root users by using + Linux Capabilities. You have to capture the packets using the method + described in I./a., setting the set-user-id permanently using + dpkg-statoverride or running dumpcap as root. + + The installation method can be changed any time by running: + + sudo dpkg-reconfigure wireshark-common + + The question mentioned above will be asked; answer "<Yes>" to it. + + +II. Installing SNMP MIBs + + SNMP [4] OIDs can be decoded using MIBs provided by other packages. + wireshark-common suggests snmp-mibs-downloader which package can be used to + download a set of common MIBs Wireshark/Tshark tries to load at startup. + + At the time of writing, MIBs are distributed under DFSG incompatible terms + [5] thus snmp-mibs-downloader has to be in the non-free archive area. + To keep wireshark in the main area [7], wireshark-common does not depend on + or recommend snmp-mibs-downloader and as a result snmp-mibs-downloader is + not installed automatically with wireshark. + + To make Wireshark/Tshark able to decode OIDs, please install + snmp-mibs-downloader manually. + + To help Wireshark/Tshark to decode OIDs without having to install packages + manually, please support the initiative of requesting additional rights + from RFC authors [5]. + + + [1] https://gitlab.com/wireshark/wireshark/-/wikis/Development/PrivilegeSeparation + [2] https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges + [3] https://blog.wireshark.org/2010/02/running-wireshark-as-you + [4] https://gitlab.com/wireshark/wireshark/-/wikis/SNMP + [5] https://wiki.debian.org/NonFreeIETFDocuments + [6] https://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free + [7] https://www.debian.org/doc/debian-policy/ch-archive.html#s-main |