
Why did you need to use `sudo` when executing Wireshark? (What would happen if you did not use `sudo`?)


Why did you need to use sudo when executing Wireshark? (What would happen if you did not use sudo?)

abdul
asked 2020-03-15 05:25:32 +0000
Jaap
updated 2020-03-15 06:36:26 +0000

Comments

Do you know what sudo does?

Jaap (2020-03-15 06:35:49 +0000)
Chuckc (2020-03-15 13:21:34 +0000)

1 Answer


Just to make it clear, DO NOT RUN WIRESHARK WITH SUDO, or the equivalent on other platforms, e.g. elevated privileges on Windows. There should never be a need to do so, and if you think you need sudo then you're doing something wrong.

The reason for this is that there are millions of lines of unaudited code in Wireshark that could be vulnerable to malicious network traffic which don't actually need to be run with admin privs.

grahamb
answered 2020-03-15 17:25:21 +0000, updated 2020-03-16 11:04:15 +0000

Comments

Do not do so even if you want to capture traffic. If elevated privileges are required to capture traffic, then either:

  1. dumpcap should be changed to have those privileges (made set-UID or set-GID, given Linux capabilities, etc.)
  2. the need for elevated privileges should be removed (for example, on systems using the BPF capture mechanism, making the BPF devices, or BPF cloning device, openable by users other than root).

That way, dumpcap, a much simpler program than Wireshark/TShark, is initially given the privileges (which it relinquishes when possible).

Guy Harris (2020-03-15 17:33:50 +0000)
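
A check for the setup described in the comment above, as an added example that is not part of the thread or Wireshark's own code: it reports whether dumpcap gets its capture privileges through Linux capabilities, set-UID or set-GID, and whether any local user can execute it. The `/usr/bin/dumpcap` path, the function names and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread or the Wireshark project.
# Assumes GNU stat and libcap's getcap; /usr/bin/dumpcap is an assumed default path.

# classify_dumpcap MODE CAPS
#   MODE: octal permissions as printed by `stat -c %a` (e.g. 750 or 4750)
#   CAPS: text printed by `getcap FILE` (empty when no file capabilities)
# Prints how capture privilege is granted and who may execute the binary.
classify_dumpcap() {
    mode=$1
    caps=$2
    # stat omits the leading digit when no set-UID/set-GID/sticky bit is set
    case ${#mode} in 3) mode="0$mode" ;; esac
    special=${mode%???}   # first digit: 4 = set-UID, 2 = set-GID
    other=${mode#???}     # last digit: permissions for "other"
    if [ $(( other & 1 )) -ne 0 ]; then scope=world; else scope=group; fi
    case "$caps" in
        *cap_net_raw*) echo "capabilities-$scope"; return 0 ;;
    esac
    if [ $(( special & 4 )) -ne 0 ]; then
        echo "setuid-$scope"
    elif [ $(( special & 2 )) -ne 0 ]; then
        echo "setgid-$scope"
    else
        echo "unprivileged"
    fi
}

# Inspect the installed dumpcap and flag a root session.
audit_capture_setup() {
    dumpcap=${1:-/usr/bin/dumpcap}
    if [ "$(id -u)" -eq 0 ]; then
        echo "WARN: running as root; start Wireshark as a normal user"
    fi
    if [ ! -e "$dumpcap" ]; then
        echo "dumpcap not found at $dumpcap"
        return 2
    fi
    m=$(stat -c %a "$dumpcap")
    c=$(getcap "$dumpcap" 2>/dev/null || true)
    echo "$dumpcap: $(classify_dumpcap "$m" "$c")"
}

audit_capture_setup "${1:-/usr/bin/dumpcap}" || true
```

A verdict ending in `-world` means every local account can run the privileged dumpcap; `unprivileged` means capture access has to come from elsewhere, such as the BPF device permissions in item 2.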