We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: Re: [Wireshark-users] [patch] drop privs in dumpcap if run setuid

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Fri, 16 Feb 2007 13:29:20 +0800

Hank Leininger wrote:
On Thu, Feb 15, 2007 at 08:47:40PM +0100, Ulf Lamping wrote:
Guy Harris wrote:
I think he means the list of interfaces on which you can capture.
Yes, the menu item: Capture / Interfaces ...

Ah, OK.  Looking at the docs with nice win32 screen captures, I see why
I did not know what you mean--I had never seen it actually work.  At the
moment on a non-BPF-having UNIX, you either a)run everything
non-privileged, and cannot get sniffing permissions at all, or b)run
everything as root, in which case gtk will refuse to even run the
Wireshark GUI, so you never see it.

Hmm, there's also the obvious option (c) where you "su" root and run Wireshark as root but not set-uid. Works well for me though it's still more work than I'd like: In my environment everyone can have network capture access so I'd love to install Wireshark set-uid but I presently can't.