Re: Wireshark needs root privileges?

[Jakub Zawadzki <darkjames () darkjames ath cx>]

On Thu, Jun 03, 2010 at 11:50:54AM -0400, Jeff Morriss wrote:
> Dotan Cohen wrote:
> > Despite warnings about running Wireshark as root, on my Ubuntu 9.10
> > system the app sees no network interfaces unless I run it as root. Is
> > this normal? I've googled for "Ubuntu wireshark" and it does seem that
> > self-styled journalists (blogs) recommend running as root, but I do
> > not trust them for best practices.
>
> On most OS[1] you need "root" (or similar) privileges in order to open 
> the network device in a manner that allows you to capture packets. 
> Running Wireshark (the GUI) as root is strongly discouraged: since 1.0 
> Wireshark has had a separate utility (dumpcap) that contains all the 
> packet capture code: only that utility needs to run as root, allowing 
> you to run the multiple million lines of code in the bulk of Wireshark 
> as a normal user.

What about dropping root privilages after invoking dumpcap?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe