
/usr/share/doc/wireshark-common/README.Debian

a guest
Jun 14th, 2011
I. Capturing packets with Wireshark/Tshark

There are two ways of installing Wireshark/Tshark on Debian:

I./a. Installing dumpcap without allowing non-root users to capture packets

Only the root user will be able to capture packets. It is advised to capture
packets with the bundled dumpcap program as root and then run
Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]

This is the default on Debian systems.

I./b. Installing dumpcap and allowing non-root users to capture packets

Members of the wireshark group will be able to capture packets on network
interfaces. This is the preferred way of installation if Wireshark/Tshark
will be used for capturing and displaying packets at the same time, since
that way only the dumpcap process has to be run with elevated privileges
thanks to the privilege separation [1].

Note that no user will be added to the wireshark group automatically; the
system administrator has to add them manually.

The additional privileges are provided using the Linux Capabilities
system where possible, or using the set-user-id bit where Linux
Capabilities are not present (Debian GNU/kFreeBSD, Debian GNU/Hurd).

Linux kernels provided by Debian support Linux Capabilities, but
custom-built kernels may lack this support. If support for Linux
Capabilities is not present at the time the wireshark-common package is
installed, the installer will fall back to setting the set-user-id bit to
allow non-root users to capture packets.

If installation succeeds using Linux Capabilities, non-root users
will not be able to capture packets while running kernels that do not
support Linux Capabilities.


The installation method can be changed at any time by running:
dpkg-reconfigure wireshark-common


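The check below is an added example, not part of the Debian README or of the
package's own scripts. It reports which of the mechanisms described in
section I (root only, Linux Capabilities, or set-user-id) applies to dumpcap
and who is in the wireshark group. The path /usr/bin/dumpcap and the
capability names cap_net_raw/cap_net_admin are assumptions not stated in
this README.

```shell
#!/bin/sh
# Added example, not part of the README or the package scripts.
# Assumptions: dumpcap is at /usr/bin/dumpcap and capture rights are granted
# with cap_net_raw / cap_net_admin; neither is stated in the README.
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}

# classify_dumpcap MODE GROUP CAPS  ->  prints "<method> <exposure>"
#   MODE   octal permissions from `stat -c %a` (e.g. 755, 750, 4754)
#   GROUP  owning group from `stat -c %G`
#   CAPS   output of `getcap FILE`, empty if no file capabilities are set
classify_dumpcap() {
    mode=$1; group=$2; caps=$3
    method=root-only
    case $caps in *cap_net_raw*|*cap_net_admin*) method=capabilities ;; esac
    # A four-digit mode whose first digit includes 4 has set-user-id set.
    case $mode in [4567]???) method=setuid ;; esac
    if [ "$method" = root-only ]; then
        echo "root-only n/a"    # I./a: no elevated binary to restrict
        return 0
    fi
    # I./b: an elevated dumpcap should be executable by the group only.
    exposure=group-restricted
    [ "$group" = wireshark ] || exposure=unexpected-group
    case $mode in *[1357]) exposure=world-executable ;; esac
    echo "$method $exposure"
}

# members_of GETENT_LINE  ->  one group member per line (none = empty output)
members_of() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

if [ -e "$DUMPCAP" ]; then
    caps=$(getcap "$DUMPCAP" 2>/dev/null || true)
    echo "dumpcap: $(classify_dumpcap "$(stat -c %a "$DUMPCAP")" \
        "$(stat -c %G "$DUMPCAP")" "$caps")"
    echo "members of group wireshark (added manually by the administrator):"
    members_of "$(getent group wireshark || true)"
else
    echo "$DUMPCAP not found; nothing to audit"
fi
```

A result of "world-executable" or "unexpected-group" means the elevated
dumpcap is not limited to members of the wireshark group.
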
II. Installing SNMP MIBs

SNMP [4] OIDs can be decoded using MIBs provided by other packages.
wireshark-common suggests snmp-mibs-downloader, a package that can be used
to download a set of common MIBs that Wireshark/Tshark tries to load at
startup.

At the time of writing, MIBs are distributed under DFSG-incompatible terms
[5], thus snmp-mibs-downloader has to be in the non-free archive area.
To keep wireshark in the main area [7], wireshark-common does not depend on
or recommend snmp-mibs-downloader, and as a result snmp-mibs-downloader is
not installed automatically with wireshark.

To make Wireshark/Tshark able to decode OIDs, please install
snmp-mibs-downloader manually.

To help Wireshark/Tshark decode OIDs without having to install packages
manually, please support the initiative of requesting additional rights
from RFC authors [5].


[1] http://wiki.wireshark.org/Development/PrivilegeSeparation
[2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
[3] https://blog.wireshark.org/2010/02/running-wireshark-as-you
[4] http://wiki.wireshark.org/SNMP
[5] http://wiki.debian.org/NonFreeIETFDocuments
[6] http://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free
[7] http://www.debian.org/doc/debian-policy/ch-archive.html#s-main