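Installation reference blog: https://blog.csdn.net/jipengwang/article/details/78799310
Install command: sudo apt-get install wireshark
Allow non-root users to capture: sudo dpkg-reconfigure wireshark-common
Add the user to the wireshark group in the group file: open it with sudo vim /etc/group, then edit it.
After installation, running wireshark may show the error "couldn't run /usr/bin/dumpcap in child process: Permission denied". Running the following commands resolves it: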
sudo apt-get install libcap2-bin wireshark
sudo chgrp myusername /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
Reference for the permission issue:
https://blog.csdn.net/liguangxianbin/article/details/79401509
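A check for the dumpcap permission steps above, added here as an example that is not part of the original note or the referenced blogs: it confirms that dumpcap ends up with mode 750, the intended group, and only the two capabilities the page sets. The function names are assumptions of this example, and myusername is the page's placeholder group.

```shell
#!/bin/sh
# Added example: verify the dumpcap state the steps above are meant to produce.
# Expected per the page: mode 750, group myusername,
# file capabilities cap_net_raw and cap_net_admin with flags eip.

# normalize_caps GETCAP_LINE -> "sorted,cap,list flags"
# Accepts both libcap output styles:
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (newer)
normalize_caps() {
    nc_spec=${1##* }              # last field: capability names plus flags
    nc_flags=${nc_spec##*[+=]}    # text after the final + or =
    nc_list=${nc_spec%[+=]*}      # capability names before it
    nc_sorted=$(printf '%s\n' "$nc_list" | tr ',' '\n' | sort | paste -sd, -)
    printf '%s %s\n' "$nc_sorted" "$nc_flags"
}

# check_dumpcap_state MODE GROUP GETCAP_LINE WANT_GROUP
# Prints one line per problem; returns 0 only when everything matches.
check_dumpcap_state() {
    st_rc=0
    if [ "$1" != "750" ]; then
        echo "FAIL mode: got $1, expected 750"; st_rc=1
    fi
    case $1 in
        *[1357]) echo "FAIL world-executable: every local user can run dumpcap"
                 st_rc=1 ;;
    esac
    if [ "$2" != "$4" ]; then
        echo "FAIL group: got $2, expected $4"; st_rc=1
    fi
    if [ "$(normalize_caps "$3")" != "cap_net_admin,cap_net_raw eip" ]; then
        echo "FAIL capabilities: got '${3:-none}'"; st_rc=1
    fi
    return $st_rc
}

# audit_dumpcap PATH WANT_GROUP: read the live values (GNU stat, getcap from
# libcap2-bin) and check them, e.g. audit_dumpcap /usr/bin/dumpcap myusername
audit_dumpcap() {
    check_dumpcap_state "$(stat -c '%a' "$1")" "$(stat -c '%G' "$1")" \
        "$(getcap "$1")" "$2"
}

# Constructed sample values (not read from a real system):
check_dumpcap_state 750 myusername \
    "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" myusername \
    && echo "constructed sample: OK"
```

An empty capability list is also reported, which catches the case where a package upgrade replaced /usr/bin/dumpcap and dropped the setcap result.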
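Using Wireshark filters (see the official documentation):
Show only the data sent by the sender: ip.src eq 192.168.8.104 and tcp.len > 60
Show only the data going to the receiver: ip.dst eq 192.168.8.141 and tcp.len > 60
Show packets whose sender or receiver is this IP address: ip.addr == 192.168.8.141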