Linux network and tool
http://www.tcpdump.org/tcpdump_man.html http://www.cubrid.org/blog/dev-platform/understanding-tcp-ip-network-stack/ https://wiki.openwrt.org/doc/networking/praxis http://bencane.com/2014/10/13/quick-and-practical-reference-for-tcpdump/ http://dillonhale.com/blog/linux-tutorials/tcpdump-primer/
$ sudo apt-get install wireshark
Run wireshark First, I run it as non-root and can see interface list to capture so I try to run it with sudo
Solve: Setting network privileges for dumpcap
$ sudo wireshark & Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
1. Ensure your linux kernel and filesystem supports File Capabilities and also you have installed necessary tools. 2. sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap 3. Start Wireshark as non-root and ensure you see the list of interfaces and can do capture.
$ sudo apt-get install tcpdump