Difference between revisions of "Wireshark"
Revision as of 08:41, 9 September 2018
Wireshark
Wireshark is a very useful packet analysis tool that gives detailed protocol analysis.
Running wireshark as normal user
Since wireshark needs to capture packets from a network interface, it usually requires root privileges to run. There are many ways to run wireshark as a normal user without requiring the root password. Some of them are:
Giving user sudo access
We can configure sudo access for a normal user so that they can run the wireshark executable with root privileges without requiring the root password. For that, the following line can be appended to the /etc/sudoers file via 'echo' or 'visudo':
<user_name> ALL = NOPASSWD: /usr/sbin/wireshark
Note: /usr/bin/wireshark is not the path of the wireshark executable; it is a link to the console helper. The actual executable is usually present at /usr/sbin/wireshark.
Giving wireshark or dumpcap set-uid permissions
We can make the wireshark executable set-uid so that it runs with root privileges and all users on the system can run it directly. Alternatively, we can make the dumpcap executable set-uid so that it runs with root privileges and all users on the system can run it directly, and thereby wireshark. This method is not recommended.
chmod +s /usr/sbin/wireshark
or
chmod +s /usr/sbin/dumpcap
Since wireshark uses dumpcap for capturing packets, giving set-uid permissions to either just wireshark or just dumpcap is enough. We do not need to make both programs set-uid to be able to run wireshark from normal user accounts.
Creating a special group for wireshark or dumpcap
We can create a special group for wireshark and/or dumpcap and make the dumpcap executable readable and executable by just that group. Then we can add users to the created group so that they can run wireshark without requiring the root password. This is safer than the previous method, where all users can run wireshark without requiring the root password.
groupadd wireshark
usermod -a -G wireshark <username>
chgrp wireshark /usr/sbin/dumpcap
chmod 4750 /usr/sbin/dumpcap
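The value of the group method over the plain set-uid method lies entirely in the mode that ends up on dumpcap: set-uid root so capture works, group-executable so members of the capture group can run it, and no permissions for "other". The following audit script is an added example, not part of the wiki page; it checks that state and explains which bit is wrong when it is not met. The default path /usr/sbin/dumpcap and the group name wireshark are taken from the page; the function names and the use of GNU stat(1) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the permissions the "special group" method leaves on dumpcap.
# Function names here are this example's own, not the wiki's.

# audit_perms MODE OWNER GROUP WANT_GROUP
# MODE is the octal mode as printed by `stat -c %a` (e.g. 4750).
# Returns 0 when the file is in the intended state:
#   - set-uid bit set (first octal digit has the 4 bit) so dumpcap gets root
#   - owner is root
#   - group is the capture group
#   - group can execute
#   - "other" has no permissions at all, which is what distinguishes this
#     method from a plain `chmod +s`
audit_perms() {
    mode=$1
    owner=$2
    group=$3
    want_group=$4
    # normalise to four digits so 750 and 0750 compare the same way
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done
    special=$(printf '%s' "$mode" | cut -c1)
    grp=$(printf '%s' "$mode" | cut -c3)
    other=$(printf '%s' "$mode" | cut -c4)

    case $special in
        4|5|6|7) ;;
        *) echo "set-uid bit missing (mode $mode): dumpcap cannot open the interface" >&2; return 1 ;;
    esac
    [ "$owner" = root ] || { echo "owner is $owner, expected root" >&2; return 1; }
    [ "$group" = "$want_group" ] || { echo "group is $group, expected $want_group" >&2; return 1; }
    case $grp in
        1|3|5|7) ;;
        *) echo "group has no execute bit (mode $mode)" >&2; return 1 ;;
    esac
    [ "$other" = 0 ] || { echo "others still have access (mode $mode); every local user can capture" >&2; return 1; }
    return 0
}

# audit_path [PATH] [GROUP]: read the live values with GNU stat and hand them
# to audit_perms. Defaults come from the wiki page; adjust for BSD stat (-f).
audit_path() {
    path=${1:-/usr/sbin/dumpcap}
    want_group=${2:-wireshark}
    [ -e "$path" ] || { echo "$path does not exist" >&2; return 2; }
    set -- $(stat -c '%a %U %G' "$path")
    audit_perms "$1" "$2" "$3" "$want_group"
}

# user_in_group USER GROUP: is GROUP among USER's groups? A user added with
# `usermod -a -G` must log in again before `id` reports the new group.
user_in_group() {
    for g in $(id -nG "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}
```

Run `audit_path` as any user after applying the commands above; a mode of 4755, which is what `chmod +s` on a 755 binary produces, is reported as "others still have access", making the difference between the two methods visible rather than implied.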