On Thu, Jun 03, 2010 at 11:50:54AM -0400, Jeff Morriss wrote:
> Dotan Cohen wrote:
> > Despite warnings about running Wireshark as root, on my Ubuntu 9.10
> > system the app sees no network interfaces unless I run it as root. Is
> > this normal? I've googled for "Ubuntu wireshark" and it does seem that
> > self-styled journalists (blogs) recommend running as root, but I do
> > not trust them for best practices.
>
> On most OS[1] you need "root" (or similar) privileges in order to open
> the network device in a manner that allows you to capture packets.
> Running Wireshark (the GUI) as root is strongly discouraged: since 1.0
> Wireshark has had a separate utility (dumpcap) that contains all the
> packet capture code: only that utility needs to run as root, allowing
> you to run the multiple million lines of code in the bulk of Wireshark
> as a normal user.
What about dropping root privileges after invoking dumpcap?
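
An added illustration, not part of the original thread and not Wireshark or dumpcap source: the generic POSIX pattern by which a capture helper could give up root permanently once its privileged step (opening the capture device) is done. It assumes the helper is installed setuid-root and started by an ordinary user; the function name `drop_to_real_user` is hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently switch to the invoking user's identity.
 * Returns  0: process now runs only as the real user and cannot regain root
 *          1: started by real root, so there is no unprivileged identity to fall back to
 *         -1: the drop failed or could be undone; the caller must exit
 */
int drop_to_real_user(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (ruid == 0)
        return 1;

    /* Group first: after setuid() the process may no longer change GIDs. */
    if (setgid(rgid) != 0)
        return -1;
    /* With effective UID 0, setuid() sets real, effective and saved UIDs,
     * so no saved-root UID is left behind to switch back to. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify instead of trusting the return codes. */
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;
    if (setuid(0) == 0)   /* regaining root must be impossible */
        return -1;
    return 0;
}

int main(void)
{
    /* A real helper would open its capture device here, before the drop. */
    int rc = drop_to_real_user();
    if (rc < 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("rc=%d uid=%d euid=%d\n", rc, (int)getuid(), (int)geteuid());
    return 0;
}
```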