Wireshark-dev: Re: [Wireshark-dev] GSoC 2013 Project Proposal for Root permissions in wireshark

From: Surbhi Jain <jainsurbhi024@xxxxxxxxx>
Date: Wed, 24 Apr 2013 20:09:26 +0545
Hi all,

A normal user must have the permissions to capture and view the packet info. till layer 5 if that belongs to his request from server. He can be able to save a packet, to delete a packet, to edit a packet and sent it back to the server. 

Packet contains the info for the identification of the host ( IP address + Port number). I think we can use the options field of TCP header to contain the name of the owner of the packet in encrypted form. And this owner field must be checked with the current logged in user before opening the packet. This will ensure the security. 

With reference to my previous post, I think we can't openly change the permissions of the dumpcap .

I need the discussions and help to carry forward this idea or come up with better ideas.  

Surbhi Jain
3rd year , Computer Science Engineering
University School of  Information & Communication Technology
Contact Email ID - surbhijain1@xxxxxxx


On Wed, Apr 24, 2013 at 7:36 PM, Surbhi Jain <jainsurbhi024@xxxxxxxxx> wrote:
Hi all,

I came across the project "Root permissions" in wireshark. i downloaded wireshark on my ubuntu PC in order to capture the packets. I was unable to select any interface as I was not logged in as root. The permissions of file /usr/bin/dumpcap needs to be changed as 775 or 777 in order to view the interfaces and capture the packets.

In order for a normal user to capture and view packets, the permission of dumpcap file should implicitly be 775 or all the files must be present in the home directory of currently logged in user. As the capturing of packets on a system is user dependent. 



Surbhi Jain
3rd year , Computer Science Engineering
University School of  Information & Communication Technology
Contact Email ID - surbhijain1@xxxxxxx