This article is adapted from https://github.com/rahulelex/build-wireshark-on-ubuntu/blob/main/README.md; the author translated it into Chinese, polished it slightly and extended it so that Wireshark works better on 幽兰.

  1. Download the source

    mkdir -p /home/geduer/tools && cd /home/geduer/tools
    git clone https://gitlab.com/wireshark/wireshark.git
  2. Install dependencies

    cd /home/geduer/tools/wireshark/tools
    sudo ./debian-setup.sh --install-qt5-deps --install-optional --install-deb-deps
    cd ..
  3. Build

    mkdir /home/geduer/tools/wireshark/build && cd /home/geduer/tools/wireshark/build
    sudo cmake -GNinja -DUSE_qt6=OFF -DENABLE_WERROR=OFF -DCMAKE_INSTALL_PREFIX=$PWD/.. ..  # configure with cmake
    sudo ninja # start the build; it takes a while, so be patient
    sudo ninja install
  4. Set permissions
    Create a wireshark group and configure its membership

    sudo groupadd wireshark # create the wireshark group
    sudo usermod -a -G wireshark geduer
    sudo usermod -a -G wireshark root

    Move the Wireshark installation to a safe directory

    sudo rsync -a --delete /home/geduer/tools/wireshark/ /opt/wireshark

    Configure the permissions of dumpcap

    sudo chown root:wireshark /opt/wireshark/bin/dumpcap
    sudo chmod 750 /opt/wireshark/bin/dumpcap
    sudo setcap cap_net_raw,cap_net_admin=ep /opt/wireshark/bin/dumpcap # grant only the capabilities needed for capturing
    getcap /opt/wireshark/bin/dumpcap # confirm the capabilities
    newgrp wireshark # make the new group membership take effect

    Load the kernel modules and set device permissions for special interfaces

    sudo modprobe usbmon # load the module
    echo 'SUBSYSTEM=="usbmon", GROUP="wireshark", MODE="0640"' | sudo tee /etc/udev/rules.d/99-usbmon.rules # udev rule: make the devices readable by the wireshark group
    sudo udevadm control --reload-rules
    sudo udevadm trigger
    ls -l /dev/usbmon*
    sudo modprobe nfnetlink
    sudo modprobe nfnetlink_log
    sudo modprobe nfnetlink_queue
    getent group bluetooth && sudo usermod -a -G bluetooth geduer

    Show the dumpcap version information

    /opt/wireshark/bin/dumpcap -v

    Check which interfaces can currently be detected

    newgrp wireshark
    sudo /opt/wireshark/bin/dumpcap -D
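The chown/chmod/setcap steps above only give the intended result if all three hold at once: root owns dumpcap, only members of the wireshark group can execute it (mode 750, no setuid bit), and the file carries exactly cap_net_raw and cap_net_admin. The script below is an added example, not part of the original tutorial or of the Wireshark project; it checks those three facts on a live system, and the function names are this example's own. The path /opt/wireshark/bin/dumpcap is the one used in the tutorial.

```sh
#!/bin/sh
# Added example, not from the tutorial or the Wireshark project: audit that
# dumpcap ended up locked down the way the steps above intend, i.e. owned by
# root, group wireshark, mode 0750 (no setuid bit) and carrying exactly the
# two capabilities cap_net_raw and cap_net_admin. Function names are this
# example's own; the path /opt/wireshark/bin/dumpcap is the tutorial's.

# Parse one line of getcap output and accept only the exact capability set
# "cap_net_admin,cap_net_raw" with flags "ep". Both getcap formats are handled:
#   new libcap:  /opt/wireshark/bin/dumpcap cap_net_admin,cap_net_raw=ep
#   old libcap:  /opt/wireshark/bin/dumpcap = cap_net_admin,cap_net_raw+ep
capture_caps_ok() {
    spec=${1#* }          # drop the path
    spec=${spec#= }       # drop the "= " of the old format
    flags=${spec##*[=+]}  # flag letters after the last '=' or '+'
    names=${spec%[=+]*}   # comma-separated capability names before it
    [ -n "$spec" ] && [ "$flags" = "ep" ] || return 1
    # Normalise the order so "cap_net_raw,cap_net_admin" is also accepted,
    # while any extra capability (cap_sys_admin, ...) makes the comparison fail.
    sorted=$(printf '%s\n' "$names" | tr ',' '\n' | sort | tr '\n' ',')
    [ "$sorted" = "cap_net_admin,cap_net_raw," ]
}

# Pure check over already-gathered facts; prints the first mismatch it finds.
# Arguments: owner group octal-mode getcap-line
dumpcap_perms_ok() {
    [ "$1" = root ]      || { echo "owner is '$1', expected root"; return 1; }
    [ "$2" = wireshark ] || { echo "group is '$2', expected wireshark"; return 1; }
    # 750 = rwxr-x---: group members may run it, everyone else may not, and
    # there is no setuid bit (4750), which the capabilities make unnecessary.
    [ "$3" = 750 ]       || { echo "mode is '$3', expected 750"; return 1; }
    capture_caps_ok "$4" || { echo "capabilities are '${4#* }', expected cap_net_raw,cap_net_admin=ep"; return 1; }
    return 0
}

# Gather the facts from the live system (GNU stat, getcap from libcap) and check them.
audit_dumpcap() {
    path=${1:-/opt/wireshark/bin/dumpcap}
    [ -e "$path" ] || { echo "$path not found"; return 1; }
    set -- $(stat -c '%U %G %a' "$path")   # owner group mode
    dumpcap_perms_ok "$1" "$2" "$3" "$(getcap "$path" 2>/dev/null)"
}

# Run the audit only when a path is given on the command line, so the file
# can also be sourced just for its functions.
if [ $# -gt 0 ]; then
    audit_dumpcap "$1" && echo "dumpcap permissions look right"
fi
```

Run it as `sh audit_dumpcap.sh /opt/wireshark/bin/dumpcap` after the setcap step; a non-zero exit with a one-line reason means one of the three properties is missing. Whether the current user is actually in the wireshark group is a separate question, answered by `id -nG`, which is also why `dumpcap -D` above is best run without sudo once `newgrp wireshark` has taken effect.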

  5. Create a .desktop file (launcher) so Wireshark can be started from the menu/taskbar

    mkdir -p /home/geduer/.local/share/applications && vim /home/geduer/.local/share/applications/wireshark.desktop

    Copy the following into the wireshark.desktop file you just opened

    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=Wireshark
    Comment=Network traffic analyzer
    Exec=dbus-launch /opt/wireshark/bin/wireshark
    Icon=/opt/wireshark/resources/icons/wireshark.ico
    Categories=Network;Analysis;
    Terminal=false
    StartupWMClass=Wireshark
    Keywords=packet;capture;network;analyzer;pcap;wireshark;

    Next, set the permissions and refresh the desktop database

    chmod +x ~/.local/share/applications/wireshark.desktop
    update-desktop-database ~/.local/share/applications

    Press the Super (Win) key and search for wireshark

  6. Reboot the machine and verify that packet capture works (the screenshot uses USB capture as the example)