我正在使用linux pc并安装了tshark。并且必须使用TCL脚本在eth1接口中捕获数据包。但是tshark正在以root模式运行。捕获和运行pc的脚本是一样的。如何以root身份登录以及如何使用TCL运行tshark命令?请为我提供解决方案。
#!/usr/bin/tclsh
set out [exec tshark -V -i eth1 arp -c 1 ]
puts $out
test@test:~$ tclsh pcap.tcl
Capturing on eth1
tshark: The capture session could not be initiated (eth1: You don't have permission to capture on that device (socket: Operation not permitted)).
Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
0 packets captured
while executing
"exec tshark -V -i eth1 arp -c 1 "
invoked from within
"set out [exec tshark -V -i eth1 arp -c 1 ]"
(file "pcap.tcl" line 5)
test@test:~$
答案 0 :(得分:1)
您必须通过tshark(或任何其他可用方式)提升sudo进程的权限,或使用提升的权限运行整个脚本。
这样做的方法可能比sudo更简单,因为它需要零自定义,这就是编写一个超级简单的C程序,它只需运行带有必要参数的/usr/bin/tshark然后制作该程序setuid root并与您的Tcl程序一起分发。只有在需要便携性时才需要这样做。否则sudo要简单得多。
答案 1 :(得分:1)
请尝试以下步骤,并参考此链接http://packetlife.net/blog/2010/mar/19/sniffing-wireshark-non-root-user/
root@test:/usr/bin# setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
root@test:/usr/bin# getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
root@test:/usr/bin# exit
exit
test@test:/usr/bin$ tshark -V -i eth1
Capturing on eth1
Frame 1 (60 bytes on wire, 60 bytes captured)
Arrival Time: Aug 8, 2013 13:54:27.481528000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]