Translate

2016년 7월 10일 일요일

[Ubuntu] 우분투에서 WireShark 설치 방법



OS: Ubuntu 15.10 Gnome


아래와 같이 WireShark 설치를 했다.
(마지막 명령어로 /usr/bin/wireshark 경로에 설치가 되었음을 확인할 수 있다.)
와이어샤크, 1004lucifer

lucifer@lucifer-Vostro-V13:~$ sudo apt-get install wireshark
[sudo] password for lucifer: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-image-4.2.0-16-generic linux-image-4.2.0-35-generic linux-image-4.2.0-36-generic linux-image-extra-4.2.0-16-generic
  linux-image-extra-4.2.0-35-generic linux-image-extra-4.2.0-36-generic
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  geoip-database-extra libjs-openlayers libsmi2ldbl libwireshark-data libwireshark5 libwiretap4 libwsutil4 wireshark-common
Suggested packages:
  snmp-mibs-downloader wireshark-doc
The following NEW packages will be installed:
  geoip-database-extra libjs-openlayers libsmi2ldbl libwireshark-data libwireshark5 libwiretap4 libwsutil4 wireshark wireshark-common
0 upgraded, 9 newly installed, 0 to remove and 3 not upgraded.
Need to get 23.6 MB of archives.
After this operation, 112 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
WARNING: The following packages cannot be authenticated!
  libsmi2ldbl geoip-database-extra libjs-openlayers libwireshark-data libwsutil4 libwiretap4 libwireshark5 wireshark-common wireshark
Install these packages without verification? [y/N] y
Get:1 http://kr.archive.ubuntu.com/ubuntu/ wily/main libsmi2ldbl amd64 0.4.8+dfsg2-9ubuntu3 [100 kB]
Get:2 http://kr.archive.ubuntu.com/ubuntu/ wily/universe geoip-database-extra all 20150810-1 [9,680 kB]
Get:3 http://kr.archive.ubuntu.com/ubuntu/ wily/universe libjs-openlayers all 2.13.1+ds2-1 [675 kB]
Get:4 http://kr.archive.ubuntu.com/ubuntu/ wily/universe libwireshark-data all 1.12.7+g7fc8978-1 [813 kB]
Get:5 http://kr.archive.ubuntu.com/ubuntu/ wily/universe libwsutil4 amd64 1.12.7+g7fc8978-1 [52.9 kB]
Get:6 http://kr.archive.ubuntu.com/ubuntu/ wily/universe libwiretap4 amd64 1.12.7+g7fc8978-1 [142 kB]
Get:7 http://kr.archive.ubuntu.com/ubuntu/ wily/universe libwireshark5 amd64 1.12.7+g7fc8978-1 [11.3 MB]
Get:8 http://kr.archive.ubuntu.com/ubuntu/ wily/universe wireshark-common amd64 1.12.7+g7fc8978-1 [144 kB]
Get:9 http://kr.archive.ubuntu.com/ubuntu/ wily/universe wireshark amd64 1.12.7+g7fc8978-1 [728 kB]
Fetched 23.6 MB in 4s (5,478 kB/s) 
Preconfiguring packages ...
Selecting previously unselected package libsmi2ldbl:amd64.
(Reading database ... 315073 files and directories currently installed.)
Preparing to unpack .../libsmi2ldbl_0.4.8+dfsg2-9ubuntu3_amd64.deb ...
Unpacking libsmi2ldbl:amd64 (0.4.8+dfsg2-9ubuntu3) ...
Selecting previously unselected package geoip-database-extra.
Preparing to unpack .../geoip-database-extra_20150810-1_all.deb ...
Unpacking geoip-database-extra (20150810-1) ...
Selecting previously unselected package libjs-openlayers.
Preparing to unpack .../libjs-openlayers_2.13.1+ds2-1_all.deb ...
Unpacking libjs-openlayers (2.13.1+ds2-1) ...
Selecting previously unselected package libwireshark-data.
Preparing to unpack .../libwireshark-data_1.12.7+g7fc8978-1_all.deb ...
Unpacking libwireshark-data (1.12.7+g7fc8978-1) ...
Selecting previously unselected package libwsutil4:amd64.
Preparing to unpack .../libwsutil4_1.12.7+g7fc8978-1_amd64.deb ...
Unpacking libwsutil4:amd64 (1.12.7+g7fc8978-1) ...
Selecting previously unselected package libwiretap4:amd64.
Preparing to unpack .../libwiretap4_1.12.7+g7fc8978-1_amd64.deb ...
Unpacking libwiretap4:amd64 (1.12.7+g7fc8978-1) ...
Selecting previously unselected package libwireshark5:amd64.
Preparing to unpack .../libwireshark5_1.12.7+g7fc8978-1_amd64.deb ...
Unpacking libwireshark5:amd64 (1.12.7+g7fc8978-1) ...
Selecting previously unselected package wireshark-common.
Preparing to unpack .../wireshark-common_1.12.7+g7fc8978-1_amd64.deb ...
Unpacking wireshark-common (1.12.7+g7fc8978-1) ...
Selecting previously unselected package wireshark.
Preparing to unpack .../wireshark_1.12.7+g7fc8978-1_amd64.deb ...
Unpacking wireshark (1.12.7+g7fc8978-1) ...
Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ...
Processing triggers for man-db (2.7.4-1) ...
Processing triggers for shared-mime-info (1.3-1) ...
Processing triggers for gnome-menus (3.13.3-6ubuntu1) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu3) ...
Processing triggers for mime-support (3.58ubuntu1) ...
Setting up libsmi2ldbl:amd64 (0.4.8+dfsg2-9ubuntu3) ...
Setting up geoip-database-extra (20150810-1) ...
Setting up libjs-openlayers (2.13.1+ds2-1) ...
Setting up libwireshark-data (1.12.7+g7fc8978-1) ...
Setting up libwsutil4:amd64 (1.12.7+g7fc8978-1) ...
Setting up libwiretap4:amd64 (1.12.7+g7fc8978-1) ...
Setting up libwireshark5:amd64 (1.12.7+g7fc8978-1) ...
Setting up wireshark-common (1.12.7+g7fc8978-1) ...
Setting up wireshark (1.12.7+g7fc8978-1) ...
Processing triggers for libc-bin (2.21-0ubuntu4.3) ...
lucifer@lucifer-Vostro-V13:~$ type wireshark 
wireshark is /usr/bin/wireshark
lucifer@lucifer-Vostro-V13:~$






설치 중 아래와 같은 화면이 보이게 된다.


위의 화면에서 'Yes' 를 누르면 설치는 끝나게 되고 앞으로 아래의 명령어와 같이 root 권한으로 wireshark 를 구동할 수 있다.
와이어샤크, 1004lucifer
(가장 간편한 방법이며, 'No' 를 선택했더라도 별다른 설정없이 아래의 명령어로 root 권한으로 바로 실행이 가능하다.)
 $ sudo wireshark





만일 평소 root 권한이 아닌 평소 로그인 계정으로 실행하고 싶다면 'No'를 선택 후 아래와 같이 작업을 해줘야 한다.

설정방법
(YOUR_USER_NAME 부분은 본인이 접속해 있는 계정명)
$ sudo addgroup -system wireshark
$ sudo chown root:wireshark /usr/bin/dumpcap
$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
$ sudo usermod -a -G wireshark YOUR_USER_NAME




나의 경우에는 아래와 같이 작업을 했다.


# wireshark 설치시에 자동으로 추가가 되어있었나 보다.
lucifer@lucifer-Vostro-V13:~$ sudo addgroup -system wireshark
addgroup: The group `wireshark' already exists as a system group. Exiting.
lucifer@lucifer-Vostro-V13:~$ cat /etc/group | tail -3
sambashare:x:130:lucifer
vboxusers:x:131:
wireshark:x:132:

# dumpcap 파일의 소유권도 설치 시 자동으로 변경해 준것 같다.
lucifer@lucifer-Vostro-V13:~$ ls -l /usr/bin/dumpcap
-rwxr-xr-- 1 root wireshark 85632  8월 16  2015 /usr/bin/dumpcap

# 이건 확인방법을 몰라서 그냥 한번 해줬다.
lucifer@lucifer-Vostro-V13:~$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

# 내 계정(lucifer)을 wireshark 그룹에 추가한다.
lucifer@lucifer-Vostro-V13:~$ sudo usermod -a -G wireshark lucifer
lucifer@lucifer-Vostro-V13:~$ cat /etc/group | tail -3
sambashare:x:130:lucifer
vboxusers:x:131:
wireshark:x:132:lucifer

lucifer@lucifer-Vostro-V13:~$






PS.

위의 작업을 했는데도 사용자 계정으로 wireshark 를 구동 시 인터페이스가 인식되지 못했다.
(root 계정으로 실행 시 문제없이 인터페이스가 인식되었다.)

(Couldn't run /usr/bin/dumpcap in child process: Permission denied)


원인분석을 해봤다.

lucifer@lucifer-Vostro-V13:~$ 
lucifer@lucifer-Vostro-V13:~$ ls -l /usr/bin/dumpcap
-rwxr-xr-- 1 root wireshark 85632  8월 16  2015 /usr/bin/dumpcap
lucifer@lucifer-Vostro-V13:~$ 
lucifer@lucifer-Vostro-V13:~$ whoami
lucifer
lucifer@lucifer-Vostro-V13:~$ 
lucifer@lucifer-Vostro-V13:~$ cat /etc/group | tail -2
vboxusers:x:131:
wireshark:x:132:lucifer
lucifer@lucifer-Vostro-V13:~$ 
lucifer@lucifer-Vostro-V13:~$ /usr/bin/dumpcap
bash: /usr/bin/dumpcap: Permission denied
lucifer@lucifer-Vostro-V13:~$


위의 상황대로라면 내계정(lucifer)은 wireshark 그룹에 들어있으니 /usr/bin/dumpcap 을 실행시킬 권한이 있음에도 불구하고 권한이 없다고 답변한다.

환경설정을 다시 로드 하기도 해보고 이것 저것 해봐도 안되길래 재부팅을 해보니 아무일 없다는 듯이 정상적으로 인터페이스가 추가된 것을 확인 할 수 있다.

* 위의 작업이 끝나고 아래의 링크의 작업을 추가로 해줘야 한다.
[Ubuntu] WireShark - The capture session could not be initiated on interface 문제







마음의 소리 - 다음엔 이런작업 안하고 root로 실행해서 사용해야겠다.

참고 링크
https://ask.wireshark.org/questions/7523/ubuntu-machine-no-interfaces-listed
http://blog.munilive.com/ubuntu-14-04-wireshark-no-interfaces-available/



댓글 없음 :

댓글 쓰기