Wireshark-bugs: [Wireshark-bugs] [Bug 5256] Wireshark live list not working

Date: Sun, 26 Sep 2010 13:17:08 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5256

--- Comment #2 from Guy Harris <guy@xxxxxxxxxxxx> 2010-09-26 13:17:03 PDT ---
To quote the doc/README.packaging file in the Wireshark source code - please
note the two sentences that are in all caps, and note that "run XXX with sudo"
means "run XXX as root":

3. Privileges.

In versions up to and including 0.99.6, it was necessary to run
Wireshark with elevated privileges in order to be able to capture
traffic. With version 0.99.7, all function calls that require elevated
privileges have been moved out of the GUI to dumpcap.

WIRESHARK CONTAINS NEARLY TWO MILLION LINES OF SOURCE CODE. DO NOT RUN
THEM AS ROOT.

Warnings are displayed when Wireshark and TShark are run as root.

There are several configure-time options on non-Windows systems that
affect the privileges a normal user needs to capture traffic and list
interfaces:

    --enable-setcap-install   Install dumpcap with cap_net_admin and
                              cap_net_raw capabilities. Linux only.

    --enable-setuid-install   Install dumpcap setuid root.

    --with-libcap             If running as root, try to grab
                              CAP_NET_ADMIN and CAP_NET_RAW, then drop
                              privileges. Linux only.

    --with-dumpcap-group=...  Restricts dumpcap execution to the
                              specified group.

These are necessary for non-root users to be able to capture on most
systems, e.g. on Linux or FreeBSD if the user doesn't have permissions
to access /dev/bpf*. Setcap installation is preferred over setuid on
Linux. If "--enable-setcap-install" is used it will override any setuid
settings.

The "--with-libcap" option is only useful when dumpcap is installed
setuid. If it is enabled dumpcap will try to drop any setuid privileges
it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
capabilities. It is enabled by default, if the Linux capabilities
library (on which it depends) is found.

Note that enabling setcap or setuid installation allows packet capture 
for ALL users on your system. If this is not desired, you can restrict
dumpcap execution to a specific group or user. The following two examples
show how to restrict access using setcap and setuid respectively:

# groupadd packetcapture
# chmod 750 /usr/bin/dumpcap
# chgrp packetcapture /usr/bin/dumpcap
# setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap

# groupadd packetcapture
# chgrp packetcapture /usr/bin/dumpcap
# chmod 4750 /usr/bin/dumpcap

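
An added example (not part of README.packaging or of the Wireshark project) that checks an installed dumpcap against the two group-restricted layouts quoted above and flags an install that lets every local user capture. The function names, the result labels, and the use of GNU `stat -c` and libcap's `getcap` are assumptions of this example; the sample inputs in the comments are constructed.

```shell
#!/bin/sh
# classify_dumpcap MODE GROUP CAPS WANT_GROUP
#   MODE   octal mode as printed by `stat -c %a` (e.g. 750, 4750, 755)
#   GROUP  name of the owning group
#   CAPS   text printed by getcap for the file (empty if none)
#   WANT   group that is supposed to be allowed to capture
# Assumes the binary is owned by root, as in the quoted examples.
classify_dumpcap() {
    mode=$1; group=$2; caps=$3; want=$4
    # Separate the special-bits digit (setuid/setgid/sticky) from rwx digits.
    case ${#mode} in
        4) special=${mode%???}; perms=${mode#?} ;;
        *) special=0; perms=$mode ;;
    esac
    other=${perms#??}            # last digit: permissions for "other"
    setuid=no
    case $special in 4|5|6|7) setuid=yes ;; esac
    has_caps=no                  # getcap may list the two in either order
    case $caps in
        *cap_net_raw*cap_net_admin*|*cap_net_admin*cap_net_raw*) has_caps=yes ;;
    esac

    if [ "$setuid" = no ] && [ "$has_caps" = no ]; then
        echo "unprivileged"; return 0      # cannot capture as a normal user
    fi
    # A privileged dumpcap executable by "other" lets ALL users capture.
    case $other in
        1|3|5|7) echo "open-to-all"; return 0 ;;
    esac
    if [ "$group" != "$want" ]; then
        echo "wrong-group"; return 0
    fi
    # Setuid root is the broader grant, so report it first if both are set.
    if [ "$setuid" = yes ]; then echo "setuid-restricted"
    else echo "setcap-restricted"; fi
}

# audit_dumpcap PATH WANT_GROUP: read the live values and classify them.
audit_dumpcap() {
    st=$(stat -c '%a %G' "$1") || return 2
    classify_dumpcap "${st%% *}" "${st#* }" "$(getcap "$1" 2>/dev/null)" "$2"
}
```

On a live system, `audit_dumpcap /usr/bin/dumpcap packetcapture` prints one of the labels; reading the capability set with `getcap` may itself require root on some systems.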