On Wed, 24 Feb 2010 12:55:31 -0500 Jordan Metzmeier <titan8...@gmail.com> wrote:
> On Wed, Feb 24, 2010 at 12:35 PM, Eduardo M KALINOWSKI
> <edua...@kalinowski.com.br> wrote:
> > On Wed, 24 Feb 2010, Jon Dowland wrote:
> >>
> >> What is the actual protocol you are trying to read? You
> >> probably need to use a friendly protocol dissector to read
> >> and interpret your packet capture. Wireshark can do this.
> >>
> >> # tcpdump src 172.16.4.1 -w output-file
> >> $ sudo wireshark output-file
> >
> > Since wireshark will be only looking at a previously captured file (and not
> > doing captures itself), it does not need root privileges, right?
> >
>
> This is correct. I always open previously captured files in wireshark
> as an unprivileged user.

In Debian, Wireshark should probably never be run as root, even when
capturing packets. See the README.Debian:

I. Capturing packets with Wireshark/Tshark

   There are two ways of installing Wireshark/Tshark on Debian:

I./a. Installing dumpcap and allowing non-root users to capture packets

   Members of the wireshark group will be able to capture packets on
   network interfaces. This is the preferred way of installation if
   Wireshark/Tshark will be used for capturing and displaying packets at
   the same time, since that way only the dumpcap process has to be run
   with elevated privileges thanks to the privilege separation[1].

   Note that no user will be added to group wireshark automatically, the
   system administrator has to add them manually.

   The additional privileges are provided using the Linux Capabilities
   system where possible or using the set-user-id bit, where the Linux
   Capabilities are not present (Debian GNU/kFreeBSD, Debian GNU/Hurd).

   Linux kernels provided by Debian support Linux Capabilities, but custom
   built kernels may lack this support. If the support for Linux
   Capabilities is not present at the time of installing wireshark-common
   package, the installer will fall back to set the set-user-id bit to
   allow non-root users to capture packets.

   If installation succeeds with using Linux Capabilities, non-root users
   will not be able to capture packets while running kernels not
   supporting Linux Capabilities.

I./b. Installing dumpcap without allowing non-root users to capture packets

   Only root user will be able to capture packets. It is advised to capture
   packets with the bundled dumpcap program as root and then run
   Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]

The installation method can be changed any time by running:
dpkg-reconfigure wireshark-common

[1] http://wiki.wireshark.org/Development/PrivilegeSeparation
[2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
[3] https://blog.wireshark.org/2010/02/running-wireshark-as-you

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
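
An audit of the setup the README excerpt describes, as an added example that is not part of the original message or of the Debian package. It classifies how dumpcap gets its capture privileges and whether a given user can capture without starting Wireshark as root. Assumptions: the function names are hypothetical, dumpcap is installed at /usr/bin/dumpcap, its file capabilities include cap_net_raw, and a set-user-id install shows a four-digit mode such as 4754.

```shell
#!/bin/sh
# Added example: how does dumpcap get capture privileges, and may this user
# capture without starting Wireshark as root? Function names are hypothetical.

# capture_mode MODE CAPS -> capabilities | setuid | root-only
#   MODE: `stat -c %a` output for dumpcap; CAPS: `getcap` output (may be empty)
capture_mode() {
    mode=$1 caps=$2
    case $caps in
        *cap_net_raw*) echo capabilities; return ;;
    esac
    case $mode in
        [4567]???) echo setuid ;;     # leading digit has the 4 bit: set-user-id
        *)         echo root-only ;;
    esac
}

# in_group LIST NAME: true if NAME is a whole word in an `id -nG` style list
in_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# advise UID MODE CAPS GROUPS -> "verdict: explanation"
advise() {
    uid=$1 how=$(capture_mode "$2" "$3") grouplist=$4
    if [ "$uid" -eq 0 ]; then
        echo "as-root: do not start Wireshark here; capture with dumpcap, analyze as an ordinary user"
    elif [ "$how" = root-only ]; then
        echo "root-only: only root can capture; open the saved file as this user"
    elif in_group "$grouplist" wireshark; then
        echo "ok: can capture via dumpcap ($how) without root"
    else
        echo "add-to-group: dumpcap uses $how, but the user is not in group wireshark"
    fi
}

# Constructed samples (not taken from a real host)
advise 1000 750 "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" "alice cdrom wireshark"
advise 1000 4754 "" "bob cdrom"
advise 0 750 "" "root"

# Live check; /usr/bin/dumpcap is the assumed Debian install path
bin=/usr/bin/dumpcap
if [ -e "$bin" ]; then
    live_caps=$(getcap "$bin" 2>/dev/null || true)
    advise "$(id -u)" "$(stat -c %a "$bin")" "$live_caps" "$(id -nG)"
fi
```

The live check needs GNU stat and, for the capabilities case, getcap from libcap; it is skipped when dumpcap is not installed.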