Ask Your Question
0

Does Wireshark have to be run in kernel mode (system mode) on Red Hat Enterprise Linux?

asked 2019-07-17 18:30:54 +0000

I am new to using Wireshark on Red Hat Enterprise Linux and was wondering if it has to be run in kernel mode or can it be run in user mode.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-07-17 19:50:15 +0000

Guy Harris gravatar image

There is nothing in Wireshark that can run in kernel mode! It's 100% user-mode code.

If you mean "can it be run without root privileges on Linux?", that depends on whether the dumpcap component is installed with elevated privileges. That can be done on Debian and on Debian derivatives such as Ubuntu; I don't know what installation options for that are available on RHEL.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-07-17 18:30:54 +0000

Seen: 142 times

Last updated: Jul 17