Home page logo
/

wireshark logo Wireshark mailing list archives

Re: GSoC 2013 Project Proposal for Root permissions in wireshark
From: Surbhi Jain <jainsurbhi024 () gmail com>
Date: Thu, 25 Apr 2013 20:11:19 +0545

Would it mean that end user can also capture traffic which won't belong to
him or if he is not the owner of the packet? Security has no concern for
capturing packets?

Root permissions are therefore OS dependent? Am I right?
Or are we supposed to edit the dumpcap file.

Surbhi Jain
3rd year , Computer Science Engineering
University School of  Information & Communication Technology
Contact Email ID - surbhijain1 () acm org


On Thu, Apr 25, 2013 at 12:10 PM, Guy Harris <guy () alum mit edu> wrote:


On Apr 24, 2013, at 7:24 AM, Surbhi Jain <jainsurbhi024 () gmail com> wrote:

Hi all,

A normal user must have the permissions to capture and view the packet
info. till layer 5 if that belongs to his request from server.
He can be able to save a packet, to delete a packet, to edit a packet
and sent it back to the server.

Packet contains the info for the identification of the host ( IP address
+ Port number). I think we can use the options field of TCP header to
contain the name of the owner of the packet in encrypted form.

Not if the packet isn't a TCP packet, you can't.

The purpose of this project is not to safely allow privileges to capture
packets to be given to anybody, without letting them capture traffic that
they're somehow not "entitled" to capture; the purpose is to allow people
to run Wireshark, TShark, and dumpcap to capture whatever traffic they want
without having to run as root.  If the computer is a personal computer on a
personal network, the owner should be allowed to see any traffic that they
want, and even run in promiscuous or monitor mode; if it's a "personal"
computer on some organizational network (corporate/government/etc.), the
organization might well want to ban sniffers entirely, even if they're not
running in promiscuous or monitor mode, except on machines that belong to
network administrators; if the computer is a time-shared computer or
server, they might want to allow only network administrators to capture
traffic.

So I don't see the point of modifying the network stack to add the "owner
of the packet" as a TCP option.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault