Difference between revisions of "Wireshark"
m |
m |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Network related tools]] > [[Wireshark]] | |||
Wireshark is very useful packet analysis tool which can give detailed protocol analysis. | Wireshark is very useful packet analysis tool which can give detailed protocol analysis. | ||
Line 48: | Line 47: | ||
chmod 4750 /usr/bin/dumpcap | chmod 4750 /usr/bin/dumpcap | ||
</pre> | </pre> | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Network related tools]] > [[Wireshark]] |
Latest revision as of 13:09, 23 August 2022
Home > CentOS > CentOS 6.x > Network related tools > Wireshark
Wireshark is very useful packet analysis tool which can give detailed protocol analysis.
Running wireshark as normal user
Since wireshark needs to capture packets from network interface, it usually requires root privileges to run. There are many ways to run wireshark as normal user without requiring root password. Some of them are:
Giving user sudo access
We can configure sudo access for some normal user so that they can run wireshark executable with root privileges without requiring root password. For that following line can be appended to /etc/sudoers file via 'echo' or 'visudo'
<user_name> ALL = NOPASSWD: /usr/sbin/wireshark
Note: /usr/bin/wireshark is not path of wireshark executable, it is link to console helper. Actual executable is usually present in /usr/sbin/wireshark'
Giving wireshark or dumpcap set-uid permissions
We can make wireshark executable set-uid so that it runs with root privileges and all users on system can run it directly. We can also make dumpcap executable set-uid so that it runs with root privileges and all users on system can run it directly and thereby wireshark. This method is not recommended.
chmod +s /usr/sbin/wireshark
or
chmod +s /usr/sbin/dumpcap
Since wireshark uses dumpcap for capturing packets giving set-uid permissions to either just wireshark or just dumpcap is enough. We do not need to make both programs set-uid to be able to run wireshark from normal user accounts.
Creating a special group for wireshark or dumpcap
We can create a special group for wireshark and/or dumpcap and make dumpcap executable readable / executable by just that group. Then we can add users to the created group so that they can run wireshark without requiring root password. This is more safer then previous method where all users can run wireshark without requiring root password.
groupadd -g wireshark usermod -a -G wireshark <username> chgrp wireshark /usr/sbin/dumpcap chmod 4750 /usr/bin/dumpcap
Home > CentOS > CentOS 6.x > Network related tools > Wireshark