Wireshark-dev: Re: [Wireshark-dev] GSoC 2013 Project Proposal for Root permissions in wireshark

From: Phil Turmel <philip@xxxxxxxxxx>
Date: Wed, 24 Apr 2013 20:43:20 -0400
On 04/24/2013 10:24 AM, Surbhi Jain wrote:
> Hi all,
> 
> A normal user must have the permissions to capture and view the packet
> info. till layer 5 if that belongs to his request from server. He can be
> able to save a packet, to delete a packet, to edit a packet and send it
> back to the server.
> 
> Packet contains the info for the identification of the host (IP address +
> Port number). I think we can use the options field of TCP header to contain
> the name of the owner of the packet in encrypted form. And this owner field
> must be checked with the current logged in user before opening the packet.
> This will ensure the security.
> 
> With reference to my previous post, I think we can't openly change the
> permissions of the dumpcap.
> 
> I need the discussions and help to carry forward this idea or come up with
> better ideas.

The distribution I use, Gentoo, sets up a "wireshark" group.  Members of
the group may use promiscuous mode on network interfaces.

Check your distro's documentation.

Phil
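
The group-based setup mentioned in the reply above can be checked with a short audit script. This is an added example, not part of the original thread or of Wireshark: the function names are hypothetical, GNU `stat` is assumed, and the helper path and group name are supplied by the caller because they differ between distributions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat and id.

# user_in_group USER GROUP: succeeds if USER is a member of GROUP.
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -Fqx "$2"
}

# audit_capture_helper PATH GROUP
# Prints findings; returns 0 only when PATH is group-owned by GROUP and
# not executable by "other", i.e. capture rights follow group membership.
audit_capture_helper() {
    helper=$1; group=$2; rc=0
    [ -f "$helper" ] || { echo "MISSING $helper"; return 2; }
    mode=$(stat -c %a "$helper")          # octal, e.g. 750 or 4750
    owner_group=$(stat -c %G "$helper")
    if [ "$owner_group" != "$group" ]; then
        echo "WRONG_GROUP $helper is group '$owner_group', expected '$group'"
        rc=1
    fi
    case ${mode#"${mode%?}"} in           # last octal digit = "other" bits
        1|3|5|7) echo "WORLD_EXEC $helper mode $mode lets any user run it"; rc=1 ;;
    esac
    case $mode in                         # leading digit 4-7 includes setuid
        [4567]???) echo "INFO $helper is setuid (mode $mode)" ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK $helper restricted to group '$group' (mode $mode)"
    return "$rc"
}

# Constructed stand-in file so the example runs anywhere; on a real system
# pass the path to dumpcap and the group your distribution documents.
demo=$(mktemp)
chmod 750 "$demo"
audit_capture_helper "$demo" "$(stat -c %G "$demo")" || true
chmod 755 "$demo"
audit_capture_helper "$demo" "$(stat -c %G "$demo")" || true
rm -f "$demo"
```
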