Why you needed to use `sudo’ when executing Wireshark? (what would happen if you did not use `sudo’).

answered 2020-03-15 17:25:21 +0000

flag of United Kingdom of Great Britain and Northern Ireland

23835 ●4 ●973 ●227 https://www.wireshark.org

updated 2020-03-16 11:04:15 +0000

Just to make it clear, DO NOT RUN WIRESHARK WITH SUDO, or the equivalent on other platforms, e.g. elevated privileges on Windows. There should never be a need to do so, and if you think you need sudo then you're doing something wrong.

The reason for this is that there millions of lines of unaudited code in Wireshark that could be vulnerable to malicious network traffic which don't actually need to be run with admin privs.

edit flag offensive delete link

Comments

Do not do so even if you want to capture traffic. If elevated privileges are required to capture traffic, then either:

dumpcap should be changed to have those privileges (made set-UID or set-GID, given Linux capabilities, etc.)
the need for elevated privileges should be removed (for example, on systems using the BPF capture mechanism, making the BPF devices, or BPF cloning device, openable by users other than root).

That way, dumpcap, a much simpler program than Wireshark/TShark, is initially given the privileges (which it relinquishes when possible).

Guy Harris ( 2020-03-15 17:33:50 +0000 )edit

add a comment

Why you needed to use `sudo’ when executing Wireshark? (what would happen if you did not use `sudo’).

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Why you needed to use `sudo’ when executing Wireshark? (what would happen if you did not use `sudo’). edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Why you needed to use `sudo’ when executing Wireshark? (what would happen if you did not use `sudo’).