You are not logged in.

#1 2010-02-25 17:27:10

jazzfan
Member
From: Croatia
Registered: 2008-07-10
Posts: 13

Running Wireshark as regular user

I think that in Wireshark's package should be added post_install script that makes Wireshark able to capture as regular user.

It is pretty annoying doing the same thing again and again after every Wireshark update. Besides that, some non-experienced users might run it as root, as they couldn't find easier solution, which we all know that could be (very) dangerous.

Anyway, I made simple bash script which does that. So if you want, you can add it in the package.

#!/bin/bash

groupadd wireshark &> /dev/null
chgrp wireshark /usr/bin/dumpcap
chmod 754 /usr/bin/dumpcap
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

Offline

#2 2010-02-25 18:31:45

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Re: Running Wireshark as regular user

Allowing regular non root users sniffing packets on your machine for their enjoyment is not a very smart move...

Offline

#3 2010-02-25 18:37:39

jazzfan
Member
From: Croatia
Registered: 2008-07-10
Posts: 13

Re: Running Wireshark as regular user

It's up to administrator to decide who should be in wireshark group... By default, it should be empty.

Offline

#4 2010-02-25 19:07:17

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Re: Running Wireshark as regular user

then its not so bad..
I usually just sudo wireshark

Offline

#5 2010-02-25 22:32:52

thestinger
Trusted User (TU)
From: Toronto, Canada
Registered: 2010-01-23
Posts: 478

Re: Running Wireshark as regular user

people have found wireshark vulnerabilities in the past (buffer overflows, etc) that allow them to execute code on your machine... there aren't any known exploits right now afaik, but it seems like a good idea to run it as a user (perhaps as a wireshark user with very little priveledges?)

Offline

#6 2010-02-26 10:45:04

daf666
Member
Registered: 2007-04-08
Posts: 470
Website

Re: Running Wireshark as regular user

This may very well be all true and good, but kinda going back on subject, I think that adding customization to packages is generally a bad idea.
I see these posts from time to time of users wanting this or that feature or customization added to their favorite package, which might be good ideas, but eventually I think that each time a package is getting customized - Arch loses some of its greatness (and a kitten dies somewhere).
I like Arch packages as vanilla as possible, leaving me the option to do whatever I want with them (like what you did here).

Offline

#7 2010-02-26 20:45:50

jazzfan
Member
From: Croatia
Registered: 2008-07-10
Posts: 13

Re: Running Wireshark as regular user

You got that 100% right... I agree with you.

But I don't see this like customization.
It's not changing/adding features of program/OS (like patch or something)

AFAIK, many packages (trough I'm not sure if thats in PKGBUILD, or in native packages) are creating new groups to avoid programs being run as root.
Besides that, when admin installs program, its everything the same for him, besides he doesn't have to do the same after every update.
But when regular user installs program, he would 80% run that as root (like you did), which is (potentiality hight) security risk. Isn't it easier and better to just once type: sudo gpasswd -a user wireshark, then running it as root?

Of course, user should be told that he should add him self to group wireshark at the time of installation (what many archlinux packages does), so he doesn't have to crawl web to find the answer. Also, post_remove scrip should delete wireshark group to keep system clean.

I made my self a script and its not a problem to run it after every update. It's just a try to make archlinux more safe for regular user.
(admins would take care of this them self, I rly hope).

Last edited by jazzfan (2010-02-26 20:49:23)

Offline

#8 2021-06-07 10:05:41

abc01234567890
Member
Registered: 2016-10-30
Posts: 4

Re: Running Wireshark as regular user

Hello,

What could be the problem if running wireshark as a regular user, but there is no menu (File Edit View Go Capture Analize ... ) at all?
It is available only under sudo.

Offline

#9 2021-06-07 11:45:29

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 13,011

Re: Running Wireshark as regular user

It's highly unlikely that this 11 year old thread still holds relevance to whatever your issue is. Open a new thread, don't necrobump.

Closing.

Offline

Board footer

Powered by FluxBB