Home page logo

wireshark logo Wireshark mailing list archives

Re: GSoC 2013 Project Proposal for Root permissions in wireshark
From: Guy Harris <guy () alum mit edu>
Date: Fri, 26 Apr 2013 22:55:52 -0700

On Apr 25, 2013, at 7:26 AM, Surbhi Jain <jainsurbhi024 () gmail com> wrote:

Would it mean that end user can also capture traffic which won't belong to him or if he is not the owner of the 
packet? Security has no concern for capturing packets?

If somebody's concerned about capturing "third-party" traffic not being sent by or to the machine running the sniffer, 

        if the network is wired, they should require that they be able to control what software is installed on 
machines plugged into the network and ensure that it can't put an interface into promiscuous mode;

        if the network is wireless, they should use at least WPA/WPA2 encryption on the network;

so that only traffic to or from the machine running the sniffer can be seen un-encrypted.

If somebody's concerned about capturing traffic to or from the machine running the sniffer that's not being sent by or 
to a process running as the user running the sniffer, then they should only allow administrators to run sniffers.

If somebody's concerned about a user of a personal computer being able to capture traffic to or from their own machine, 
they should only allow administrators to run sniffers and not make the users of the PCs they provide to employees have 
administrative privileges.

There are already plenty of packet sniffers out there that, if they can capture traffic at all, can capture traffic 
regardless of who it's to or from on the machine.  This project is about giving users *full* Wireshark capabilities 
without requiring them to run as root; it's not about limiting Wireshark's capabilities so as to make it acceptable to 
run on machines on corporate networks so locked-down that they don't even want users to see what daemons are doing on 
their own machines.

Root permissions are therefore OS dependent? Am I right?

The privileges required to capture packets, and the mechanisms for getting those privileges, are OS-dependent.

Or are we supposed to edit the dumpcap file.

No.  As I said, this project is not about figuring out how to limit Wireshark's capabilities, it's about figuring out 
how to *increase* Wireshark's capabilities when run as the user, so they don't have to run as root.
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]