help-guix

Running Wireshark as non-root


From: Petter
Subject: Running Wireshark as non-root
Date: Wed, 23 Nov 2016 10:21:13 +0100

Hi,

I'm trying to run Wireshark/Dumpcap as a non-root user. And not succeeding at that.


Now, first, I have not checked the official documentation of Wireshark as they're behind the
CloudFlare wall. (Issues...)


The error I get in Wireshark is:
The capture session could not be initiated on interface 'lo' (You don't have permission to
capture on that device).

Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.


From what I gather it's not the Wireshark binary that needs a permission boost, but the program
"dumpcap".

The steps I'm trying to follow are along these lines:
`chmod 750 /usr/bin/dumpcap`
`chgrp wireshark /usr/bin/dumpcap`
`setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap`

(Using ~/.guix-profile/bin/dumpcap instead of /usr/bin/dumpcap)

This fails immediately because the store is mounted Read-Only.


I try to advance regardless by copying the dumpcap binary to my home folder. And I set the
capabilities. Verify with getcap - it should work now.

$ ls -l dumpcap
-rwxr-xr-x 1 petter users 730 Nov 22 10:23 dumpcap

$ getcap ./dumpcap
./dumpcap = cap_net_admin,cap_net_raw+eip


But no.

$ ./dumpcap -i lo
Capturing on 'Loopback'
dumpcap: The capture session could not be initiated on interface 'lo' (You don't have
permission to capture on that device).
Please check to make sure you have sufficient permissions, and that you have the proper
interface or pipe specified.


Spider senses tell me this is more involved than what I'm able to see. Do any of you have any experience with this or similar operations, especially use of `setcap`?


Also, I'm thinking it would make sense that Wireshark/Dumpcap were installed with a non-root group and the necessary capabilities to run as a non-root user. So, users would just install and
add themselves to the correct group and be off sniffing packets.

$ getcap ~/.guix-profile/bin/dumpcap
$ ls -l ~/.guix-profile/bin/dumpcap
lrwxrwxrwx 5 root root 71 Jan 1 1970 /home/petter/.guix-profile/bin/dumpcap -> /gnu/store/bsnw8sm2dkg70j1s93sga53b082p9czv-wireshark-2.2.2/bin/dumpcap

I'd be happy to take a stab at trying this, but I'd like to know in advance if this is the way
forward.


Also, I'm very open to the notion that I'm just not seeing the obvious solution right in front of
me :) I appreciate any help and insights!


Thanks,
Petter
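
Added example (not part of the original message, and not Wireshark or Guix code): a shell check for two conditions under which the kernel does not honor capabilities set with `setcap`, namely the file being an interpreter script rather than an ELF binary, and the filesystem being mounted `nosuid`. The page does not establish whether either applies to the poster's system; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before relying on `setcap` for a capture helper.
# Function names are hypothetical; nothing here comes from Wireshark or Guix.

# file_kind PATH -> prints "elf", "script" or "other" from the first 4 bytes.
file_kind() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;     # \x7fELF
        2321*)    echo script ;;  # "#!": the kernel execs the interpreter, so
                                  # capabilities on the script file are not used
        *)        echo other ;;
    esac
}

# mount_opts PATH [MOUNTS_FILE] -> options of the longest mount point that
# contains PATH. MOUNTS_FILE defaults to /proc/self/mounts.
mount_opts() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "${2:-/proc/self/mounts}"
}

# has_nosuid OPTS -> exit 0 if the comma-separated options include nosuid.
has_nosuid() {
    case ",$1," in *,nosuid,*) return 0 ;; *) return 1 ;; esac
}

# check_caps_target PATH [MOUNTS_FILE] -> prints one finding per line.
check_caps_target() {
    real=$(readlink -f "$1") || return 1
    [ "$real" != "$1" ] && echo "symlink: resolves to $real"
    kind=$(file_kind "$real")
    [ "$kind" = elf ] || echo "not-elf: $kind"
    if has_nosuid "$(mount_opts "$real" "$2")"; then
        echo "nosuid: file capabilities are ignored on this mount"
    fi
    command -v getcap >/dev/null 2>&1 && echo "getcap: $(getcap "$real")"
    return 0
}

# Usage: check_caps_target ./dumpcap
```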


