Diffstat (limited to 'debian/README.Debian')
-rw-r--r-- debian/README.Debian 94
1 files changed, 94 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 00000000..f52ffe65
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,94 @@
+
+I. Capturing packets with Wireshark/Tshark
+
+ There are two ways of installing Wireshark/Tshark on Debian; the
+ installation process may offer a choice between these two ways,
+ asking "Should non-superuser be able to capture packets?"
+
+ I./a. Installing dumpcap without allowing non-root users to capture packets
+
+ Only root user will be able to capture packets. It is advised to capture
+ packets with the bundled dumpcap program as root and then run
+ Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]
+
+ This is the default on Debian systems; it is selected by answering
+ "<No>" to the question mentioned above.
+
+ I./b. Installing dumpcap and allowing non-root users to capture packets
+
+ Members of the wireshark group will be able to capture packets on network
+ interfaces. This is the preferred way of installation if Wireshark/Tshark
+ will be used for capturing and displaying packets at the same time, since
+ that way only the dumpcap process has to be run with elevated privileges
+ thanks to the privilege separation[1].
+
+ This is selected by answering "<Yes>" to the question mentioned
+ above.
+
+ Note that no user will be added to group wireshark automatically;
+ a system administrator has to add them manually, using the usermod
+ command:
+
+ sudo usermod -a -G wireshark {username}
+
+ or, if you're using a desktop environment that includes a tool for
+ managing users, such as the "Users and Groups" tool in GNOME (found
+ in the gnome-system-tools package), using that tool. After a user
+ is added to the wireshark group, she/he may need to log in again to
+ make her/his new group membership take effect and be able to capture
+ packets.
+
+ The additional privileges are provided using the Linux Capabilities
+ system where it is available and resorting to setting the set-user-id
+ bit of the dumpcap binary as a fall-back, where the Linux Capabilities
+ system is not present (Debian GNU/kFreeBSD, Debian GNU/Hurd).
+
+ Linux kernels provided by Debian support Linux Capabilities, but custom
+ built kernels may lack this support. If the support for Linux
+ Capabilities is not present at the time of installing wireshark-common
+ package, the installer will fall back to set the set-user-id bit to
+ allow non-root users to capture packets.
+
+ If installation succeeds with using Linux Capabilities, non-root users
+ will not be able to capture packets while running kernels not supporting
+ Linux Capabilities.
+
+ Note that capturing USB packets is not enabled for non-root users by using
+ Linux Capabilities. You have to capture the packets using the method
+ described in I./a., setting the set-user-id permanently using
+ dpkg-statoverride or running dumpcap as root.
+
+ The installation method can be changed any time by running:
+
+ sudo dpkg-reconfigure wireshark-common
+
+ The question mentioned above will be asked; answer "<Yes>" to it.
+
+
+II. Installing SNMP MIBs
+
+ SNMP [4] OIDs can be decoded using MIBs provided by other packages.
+ wireshark-common suggests snmp-mibs-downloader which package can be used to
+ download a set of common MIBs Wireshark/Tshark tries to load at startup.
+
+ At the time of writing, MIBs are distributed under DFSG incompatible terms
+ [5] thus snmp-mibs-downloader has to be in the non-free archive area.
+ To keep wireshark in the main area [7], wireshark-common does not depend on
+ or recommend snmp-mibs-downloader and as a result snmp-mibs-downloader is
+ not installed automatically with wireshark.
+
+ To make Wireshark/Tshark able to decode OIDs, please install
+ snmp-mibs-downloader manually.
+
+ To help Wireshark/Tshark to decode OIDs without having to install packages
+ manually, please support the initiative of requesting additional rights
+ from RFC authors [5].
+
+
+ [1] https://gitlab.com/wireshark/wireshark/-/wikis/Development/PrivilegeSeparation
+ [2] https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges
+ [3] https://blog.wireshark.org/2010/02/running-wireshark-as-you
+ [4] https://gitlab.com/wireshark/wireshark/-/wikis/SNMP
+ [5] https://wiki.debian.org/NonFreeIETFDocuments
+ [6] https://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free
+ [7] https://www.debian.org/doc/debian-policy/ch-archive.html#s-main
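Review bot: At the end of section I./b., the line following `sudo dpkg-reconfigure wireshark-common` tells the reader only to answer "<Yes>", although the sentence before it presents the command as the way to change the installation method at any time, which includes reverting. Suggest spelling out both outcomes: answer "<Yes>" to let members of the wireshark group capture packets, or "<No>" to return to the root-only default described in I./a. This matters for administrators who enabled non-root capture and later want to withdraw the elevated privileges from dumpcap. Separately, references [3] and [6] appear in the list at the end but are never cited in the body; the sentence stating that snmp-mibs-downloader has to be in the non-free archive area looks like the intended place for [6], and [3] should either be cited where privilege handling is discussed or dropped.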