From 682bc3296ec28cf6e80df9a3a2fdd70811921b6e Mon Sep 17 00:00:00 2001
From: z3rOR0ne
Date: Sun, 7 Aug 2022 05:39:46 -0700
Subject: [PATCH] :memo: Added installation notes fo tshark
---
 install_tshark | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 install_tshark
diff --git a/install_tshark b/install_tshark
new file mode 100644
index 00000000..e8d8bcb0
--- /dev/null
+++ b/install_tshark
@@ -0,0 +1,17 @@
+# Taken from https://gist.github.com/PSJoshi/b7957946f866b8353423cfe764074662 (can be run as bash script if need be).
+
+sudo -s
+groupadd -g wireshark
+usermod -a -G wireshark your-user-name
+chgrp wireshark /usr/bin/dumpcap
+chmod 4750 /usr/bin/dumpcap
+
+#Ref - http://superuser.com/questions/319865/how-to-set-up-wireshark-to-run-without-root-on-debian
+
+Another option
+----------------
+# Install command line version of wireshark - tshark. It is not advisable to install wireshark GUI on the server!
+# Most distributions offer a "wireshark-cli" or "tshark" package. Then grant Linux capabilities
+
+$ sudo apt install tshark
+$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
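Review bot: The second option runs `setcap` on `/usr/bin/dumpcap` without the `chgrp wireshark` and group-only mode used in the first option, so if the binary is world-executable (common after a package install, though it depends on the distribution) every local user gains packet capture; add `sudo chgrp wireshark /usr/bin/dumpcap` and `sudo chmod 750 /usr/bin/dumpcap` before the `setcap` line. In the first option `chmod 4750` makes dumpcap setuid root, which gives group members a full-root binary where the two capabilities would suffice, so the notes should say the capability route is preferred. `groupadd -g wireshark` fails because `-g` expects a numeric GID; `groupadd wireshark` is presumably what was meant. The header comment says the file can be run as a bash script, but `sudo -s` opens an interactive shell and the `Another option` and `$ sudo …` lines are not valid commands, so either drop that claim or comment those lines out.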