Wireshark-dev: [Wireshark-dev] [ Process Information proposal + doubts on Capture Permissions ]
From: Ashish Raste <[email protected]>
Date: Mon, 29 Apr 2013 00:09:15 +0800
Hi Gerald, Guy and all developers,

Can you share your thoughts/suggestions on the proposal that I have submitted for Process Information(in the google-melange website) task? I think I need to do many revisions with the help of your suggestions before finalizing it.


From: Guy Harris <[email protected]>
To: Developer support list for Wireshark <[email protected]>
Subject: Re: [Wireshark-dev] GSoC 2013 Project Proposal for Root
        permissions     in wireshark
Message-ID: <[email protected]>
Content-Type: text/plain; charset=iso-8859-1


On Apr 25, 2013, at 7:26 AM, Surbhi Jain <[email protected]> wrote:

> Would it mean that end user can also capture traffic which won't belong to him or if he is not the owner of the packet? Security has no concern for capturing packets?

If somebody's concerned about capturing "third-party" traffic not being sent by or to the machine running the sniffer, then:

        if the network is wired, they should require that they be able to control what software is installed on machines plugged into the network and ensure that it can't put an interface into promiscuous mode;

        if the network is wireless, they should use at least WPA/WPA2 encryption on the network;

so that only traffic to or from the machine running the sniffer can be seen un-encrypted.

If somebody's concerned about capturing traffic to or from the machine running the sniffer that's not being sent by or to a process running as the user running the sniffer, then they should only allow administrators to run sniffers.

If somebody's concerned about a user of a personal computer being able to capture traffic to or from their own machine, they should only allow administrators to run sniffers and not make the users of the PCs they provide to employees have administrative privileges.

There are already plenty of packet sniffers out there that, if they can capture traffic at all, can capture traffic regardless of who it's to or from on the machine.  This project is about giving users *full* Wireshark capabilities without requiring them to run as root; it's not about limiting Wireshark's capabilities so as to make it acceptable to run on machines on corporate networks so locked-down that they don't even want users to see what daemons are doing on their own machines.


I understand that by *full* Wireshark capabilities, you mean that a normal user should be able to listen on promiscuous as well as monitor mode(if it can be enabled for an OS). I don't know about Windows OS but at least in Ubuntu, we can set ourselves to a group, add wireshark to that group and grant capabilities to run wireshark by using setcap. So I think we can provide an option

asking whether you want the "User-mode" set and when an user marks it, we can carry out the setcap routines (please refer to this link to get my point).

Ah well, all these steps need "sudo" access. Now I get my naive thoughts. Your comments needed here :)

Any hint/suggestion to kick-off my ideas for this capture permissions work? It would be helpful for my Process Information task at later stages.


Thanks!

Best,
--
Ashish