I started Wireshark on my Ubuntu machine and discovered that there were no interfaces I could listen to. So I launched it as root. This gave me access to all the interfaces, but gave me a warning:
Running WireShark as user 'root' in group 'root'. This could be dangerous...
So, is it dangerous? Otherwise, how can I listen to the interfaces?
Answer
Wireshark is quickly approaching two million lines of code. You shouldn't run it as root for the same reasons that you shouldn't run Firefox, OpenOffice, GIMP, or any other similarly-sized application as root.
On Linux you don't need to be root to capture packets. You just need the CAP_NET_ADMIN and CAP_NET_RAW privileges. On most distributions this is easy to get up and running. Ubuntu doesn't do this by default yet, but it hopefully will at some point in the future.
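One way to grant just those two capabilities to dumpcap, the helper program Wireshark uses to capture, so the GUI itself never runs as root. This is an added example, not part of the original answer; the dumpcap path, the group name `wireshark` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: give only dumpcap CAP_NET_ADMIN and CAP_NET_RAW,
# restricted to members of one group. Run as an unprivileged user afterwards.
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}   # assumed install path
CAPGROUP=${CAPGROUP:-wireshark}        # assumed group name

# Succeeds if one line of `getcap` output lists both capabilities in the
# effective (e) and permitted (p) sets. Accepts the older format
# ("file = caps+eip") and the newer one ("file caps=eip"); assumes a
# single capability clause on the line.
has_capture_caps() {
    line=$1
    case $line in *cap_net_admin*) ;; *) return 1 ;; esac
    case $line in *cap_net_raw*)   ;; *) return 1 ;; esac
    flags=${line##*[+=]}               # text after the last '+' or '='
    case $flags in *e*) ;; *) return 1 ;; esac
    case $flags in *p*) ;; *) return 1 ;; esac
    return 0
}

# Needs root. setcap goes last: changing ownership of a file clears
# its file capabilities.
grant_capture_caps() {
    groupadd -f "$CAPGROUP" &&
    chgrp "$CAPGROUP" "$DUMPCAP" &&
    chmod 750 "$DUMPCAP" &&            # only root and the group may execute it
    setcap cap_net_raw,cap_net_admin+eip "$DUMPCAP"
}

# Reads the capabilities back from the file and checks them.
verify_capture_caps() {
    has_capture_caps "$(getcap "$DUMPCAP" 2>/dev/null)"
}

# Nothing privileged happens unless an action is given explicitly.
case ${1:-} in
    apply)  grant_capture_caps && verify_capture_caps &&
            echo "ok: add users with: usermod -aG $CAPGROUP <user>" ;;
    verify) verify_capture_caps &&
            echo "$DUMPCAP has cap_net_admin and cap_net_raw" ;;
esac
```

Run it once as root with `apply`, then add each capturing user to the group. Group membership takes effect at the user's next login.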