Why did you need to use `sudo` when executing Wireshark? (What would happen if you did not use `sudo`?)

asked 2020-03-15 05:25:32 +0000 by abdul

updated 2020-03-15 06:36:26 +0000 by Jaap



Comments

Do you know what sudo does?

Jaap (2020-03-15 06:35:49 +0000)

1 Answer


answered 2020-03-15 17:25:21 +0000 by grahamb

updated 2020-03-16 11:04:15 +0000

Just to make it clear, DO NOT RUN WIRESHARK WITH SUDO, or the equivalent on other platforms, e.g. elevated privileges on Windows. There should never be a need to do so, and if you think you need sudo then you're doing something wrong.

The reason for this is that there are millions of lines of unaudited code in Wireshark that could be vulnerable to malicious network traffic and which don't actually need to be run with admin privs.


Comments

Do not do so even if you want to capture traffic. If elevated privileges are required to capture traffic, then either:

  1. dumpcap should be changed to have those privileges (made set-UID or set-GID, given Linux capabilities, etc.)
  2. the need for elevated privileges should be removed (for example, on systems using the BPF capture mechanism, making the BPF devices, or BPF cloning device, openable by users other than root).

That way, dumpcap, a much simpler program than Wireshark/TShark, is initially given the privileges (which it relinquishes when possible).

Guy Harris (2020-03-15 17:33:50 +0000)
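The first option in the comment above (giving dumpcap, not Wireshark, the capture privileges) as an added example that is not part of the thread or of the Wireshark project: it assumes a Linux box with dumpcap at `/usr/bin/dumpcap` and a `wireshark` group, and the helper names (`setup_dumpcap_privs`, `check_dumpcap_privs`, `dumpcap_caps_ok`) are my own. The setup function needs root once; the check runs as an ordinary user.

```shell
#!/bin/sh
# Added example: attach Linux capabilities to dumpcap so Wireshark itself
# never runs as root. Path and group name are assumptions, override via env.
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}
CAPGROUP=${CAPGROUP:-wireshark}

# Returns 0 when a getcap output line carries both capabilities dumpcap
# needs (cap_net_raw for raw sockets, cap_net_admin for promiscuous mode)
# in the effective+inheritable+permitted sets; handles both the old
# "= cap_a,cap_b+eip" and the newer "cap_a,cap_b=eip" getcap formats.
dumpcap_caps_ok() {
  case $1 in *cap_net_admin*) ;; *) return 1 ;; esac
  case $1 in *cap_net_raw*) ;; *) return 1 ;; esac
  case $1 in *eip*) return 0 ;; *) return 1 ;; esac
}

# One-time setup (root). Only members of the capture group may execute
# dumpcap, and the privilege lives on that small binary, not on Wireshark.
setup_dumpcap_privs() {
  groupadd -f "$CAPGROUP"
  chgrp "$CAPGROUP" "$DUMPCAP"
  chmod o-rwx "$DUMPCAP"                       # others: no execute at all
  setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
  # the user who invoked sudo joins the group (takes effect at next login)
  usermod -aG "$CAPGROUP" "${SUDO_USER:-$USER}"
}

# Verification (any user): capabilities present AND caller is in the group.
check_dumpcap_privs() {
  caps=$(getcap "$DUMPCAP" 2>/dev/null) || return 1
  dumpcap_caps_ok "$caps" || return 1
  id -nG | tr ' ' '\n' | grep -qx "$CAPGROUP"
}

case ${1:-} in
  setup) setup_dumpcap_privs ;;
  check) if check_dumpcap_privs; then echo "dumpcap privileges OK: run Wireshark unprivileged"
         else echo "dumpcap not set up: capture would fail without root"; fi ;;
esac
```

On Debian and Ubuntu, `dpkg-reconfigure wireshark-common` performs the equivalent of the setup step for you.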
