Home page logo
/

wireshark logo Wireshark mailing list archives

Re: GSoC 2013 Project Proposal for Root permissions in wireshark
From: Surbhi Jain <jainsurbhi024 () gmail com>
Date: Sun, 28 Apr 2013 20:28:23 +0545

Sir

I got your point regarding the security as it depends on wired or wireless
network or further the internal network design of an organisation and the
WEP/WPA security of their network.

When we install WIRESHARK or most of the softwares on any distro, window
prompts up asking for root password. When the installation of the software
starts, can't we run a script which will allow the logged in user or
third-party user to view the listed interfaces of the system. I want to ask
that "If I will study all installation criteria and changes it makes to the
other folders and files, am I proceeding in right direction?".

Thanks!

Surbhi Jain
3rd year , Computer Science Engineering
University School of  Information & Communication Technology
Contact Email ID - surbhijain1 () acm org


On Sat, Apr 27, 2013 at 11:40 AM, Guy Harris <guy () alum mit edu> wrote:


On Apr 25, 2013, at 7:26 AM, Surbhi Jain <jainsurbhi024 () gmail com> wrote:

Would it mean that end user can also capture traffic which won't belong
to him or if he is not the owner of the packet? Security has no concern for
capturing packets?

If somebody's concerned about capturing "third-party" traffic not being
sent by or to the machine running the sniffer, then:

        if the network is wired, they should require that they be able to
control what software is installed on machines plugged into the network and
ensure that it can't put an interface into promiscuous mode;

        if the network is wireless, they should use at least WPA/WPA2
encryption on the network;

so that only traffic to or from the machine running the sniffer can be
seen un-encrypted.

If somebody's concerned about capturing traffic to or from the machine
running the sniffer that's not being sent by or to a process running as the
user running the sniffer, then they should only allow administrators to run
sniffers.

If somebody's concerned about a user of a personal computer being able to
capture traffic to or from their own machine, they should only allow
administrators to run sniffers and not make the users of the PCs they
provide to employees have administrative privileges.

There are already plenty of packet sniffers out there that, if they can
capture traffic at all, can capture traffic regardless of who it's to or
from on the machine.  This project is about giving users *full* Wireshark
capabilities without requiring them to run as root; it's not about limiting
Wireshark's capabilities so as to make it acceptable to run on machines on
corporate networks so locked-down that they don't even want users to see
what daemons are doing on their own machines.

Root permissions are therefore OS dependent? Am I right?

The privileges required to capture packets, and the mechanisms for getting
those privileges, are OS-dependent.

Or are we supposed to edit the dumpcap file.

No.  As I said, this project is not about figuring out how to limit
Wireshark's capabilities, it's about figuring out how to *increase*
Wireshark's capabilities when run as the user, so they don't have to run as
root.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]