[PLUG] Using Wireshark

Richard C. Steffens rsteff at comcast.net
Fri Dec 19 19:43:51 UTC 2008


Tim wrote:
> In order to sniff a network interface, you typically need root access.
>   
(Slaps forehead.) Of course. I suppose part of it is that I'm still not 
used to the "sudo" way of doing things.
> I'm guessing you weren't running it as root and Wireshark didn't show
> you the interfaces that you don't have access to (though I could be
> wrong).  Running Wireshark as root is a *bad idea* because they're
> really not interested in providing a secure product, it seems, and have
> had many overflows in the past.
>   
Makes sense.
> So, I suggest running tcpdump as root (through sudo or otherwise),
> storing the output of network traffic, then viewing it as your normal
> user (or better yet, a much less privileged user) in wireshark.
> Something along the lines of:
>
> # tcpdump -vv -n -i eth0 -s 0 -w packet_capture.cap
> ...
> $ wireshark packet_capture.cap
>
> In this example, "eth0" is the ethernet device you want to sniff and
> packet_capture.cap is the file where you'd store the packet capture.
>   

OK. That worked. I'll have to spend some time figuring out how to use 
filters, but at least I'm on the trail.

Thanks!

-- 
Regards,

Dick Steffens
www.dicksteffens.com
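The unprivileged half of the workflow described above, as an added example that is not part of this thread or of tcpdump/Wireshark: a small Python reader for the classic libpcap format that `tcpdump -w` writes, so the capture file can be sanity-checked as a normal user before it is opened in a viewer. It assumes a classic pcap file (not pcapng); the two-packet capture embedded below is constructed, not real traffic.

```python
import struct
PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D  # classic libpcap, nanosecond timestamps
# Constructed sample (not real traffic): a 14-byte Ethernet header of an ARP
# frame, then a 60-byte frame cut to 4 bytes by the snaplen (caplen < origlen).
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    + struct.pack("<IIII", 1229715831, 0, 14, 14)
    + b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x08\x06"
    + struct.pack("<IIII", 1229715832, 500000, 4, 60) + b"\xaa\xbb\xcc\xdd"
)

def read_pcap(data):
    """Parse classic libpcap (not pcapng): (linktype, snaplen, [(ts, caplen, origlen, bytes)])."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    for endian in ("<", ">"):  # the magic reveals the writer's byte order
        (magic,) = struct.unpack(endian + "I", data[:4])
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic libpcap file (bad magic)")
    divisor = 1_000_000 if magic == PCAP_MAGIC_USEC else 1_000_000_000
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        # caplen above snaplen or past end of file is corruption: report, don't skip
        if caplen > snaplen or off + caplen > len(data):
            raise ValueError(f"bad caplen {caplen} at offset {off - 16}")
        records.append((ts_sec + ts_frac / divisor, caplen, origlen, data[off:off + caplen]))
        off += caplen
    return linktype, snaplen, records

def summarize(data):
    """Counts worth checking before handing the file to a viewer."""
    linktype, snaplen, records = read_pcap(data)
    return {"linktype": linktype, "snaplen": snaplen, "packets": len(records),
            "truncated": sum(1 for _, cap, orig, _ in records if cap < orig),
            "bytes_on_wire": sum(orig for _, _, orig, _ in records)}

def is_pcap(data):
    try:  # True when data is a complete, well-formed classic pcap file
        read_pcap(data)
        return True
    except ValueError:
        return False
```

On a real capture, `summarize(open("packet_capture.cap", "rb").read())` gives the same counts; a non-zero `truncated` count means the snaplen was too small to hold whole frames.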