This can be achieved by installing dumpcap setuid root. Wireshark has implemented Privilege Separation which means that the Wireshark GUI (or the tshark CLI) can run as a normal user while the dumpcap capture utility runs as root. The Security page provides explanations why this is a good idea. To be secure (at least in a way), it is recommended that even an administrator should always run in an account with (limited) user privileges, and only start processes that really need the administrator privileges. The way this is done differs from operating system to operating system. We need to run Wireshark or TShark on an account with sufficient privileges to capture, or need to give the account on which we're running Wireshark or TShark sufficient privileges to capture. Capture privileges - How to enable Wireshark without running as root
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |