On Mon, Nov 26, 2007 at 09:31:53PM +0200, Richard Storm wrote:
> Could you, please, explain what exactly does this feature means:
> * Most of the capture code has been moved out of the GUI, which means
> that Wireshark no longer needs to be run as root!
>
> What exactly has changed since 0.99.6?
The main thing that changed was that dumpcap is now used to capture/look
up interfaces/etc. when using the Wireshark GUI. dumpcap is a
standalone program that can capture to a file or to a pipe into
Wireshark/tshark. dumpcap has been around for a while (I believe being
used in tshark). There is now an option to install Wireshark in such a
way that only dumpcap is run as setuid root instead of the entire
Wireshark program for security reasons.
Does this help?
Steve