Wireshark-users: Re: [Wireshark-users] Wireshark needs root privileges?
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 4 Jun 2010 00:02:21 +0200
So, getting back to the original question: "I can't see an interface, unless running as root. Is that normal?". Yes that's normal.
"Is it recommended to run as root, like suggested?". No, it is not.
What you can do is setuid root dumpcap, so that the capture tool has the required privileges, and Wireshark itself runs in the relative safety of your user credentials. Newer versions of Debian packaged Wireshark (1.2.7 and up if I'm correct) even create a seperate usergroup, with just the right privileges, for capturing by dumpcap. You have to add your own useraccount to that group before you can do a capture. So that gives the safest and fine grained control over user network capture. I hope these updates trickle down to Ubuntu quickly and erradicate Wireshark as root.

Thanks,
Jaap

Send from my iPhone

On 3 jun 2010, at 17:34, Dotan Cohen <dotancohen@xxxxxxxxx> wrote:

Despite warnings about running Wireshark as root, on my Ubuntu 9.10
system the app sees no network interfaces unless I run it as root. Is
this normal? I've googled for "Ubuntu wireshark" and it does seem that
self-styled journalists (blogs) recommend running as root, but I do
not trust them for best practices.

Thanks.

--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com
___________________________________________________________________________


Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe