Any Best practice / hardening guides for Wireshark?

asked 2021-02-16 16:24:13 +0000

Hello and Good Day!

I have been scouring the web to see if there was any hardening guidance or best practice guides to use wireshark in a more secure manner. I am fully-aware to the fact that this is an Open-Source piece of software so hardening will be limited but I was hoping to at least be pointed in a direction to help me figure out what best configurations and implementations should be used that are closest to a STIG of some kind (though I would not be surprised if there was not much). Anything to at least assist with this would be greatly helpful!

Thank you!

edit retag flag offensive close merge delete


Have you seen the security page - it might guide you into some best practices.

...and the new site:

Bob Jones gravatar imageBob Jones ( 2021-02-16 17:17:49 +0000 )edit

Can you clarify as to what you want to achive?

hugo.vanderkooij gravatar imagehugo.vanderkooij ( 2021-02-17 09:09:37 +0000 )edit

@hugo - ideally, I am looking to see if there is any available guidance to secure an instance of wireshark that would create a more "secure" installation and implementation. Maybe it's to limit access to how to capture PCAPs or lock down access or anything along those lines that would align with typical "hardening" guidance or STIG-like configuration. I would totally get it if nothing that specific or secure may not exist but I was just hoping for something, anything really that I can use to try to "lock" down the implementation / configuration of Wireshark. Even something along the lines of SCAP scanning to configure would be acceptable (if that was applicable). Any help would be appreciated!

altafullahu gravatar imagealtafullahu ( 2021-02-17 14:36:18 +0000 )edit