Wireshark mailing list archives
Re: Npcap 0.01 call for test (2nd)
From: Guy Harris <guy () alum mit edu>
Date: Wed, 22 Jul 2015 10:37:04 -0700
On Jul 22, 2015, at 9:37 AM, Graham Bloice <graham.bloice () trihedral com> wrote:
Most, if not all, will be running Wireshark unelevated, as this is a basic tenet of Wireshark use. There are millions of lines of code in Wireshark dissectors and they really shouldn't be given admin privs.
Does anybody know whether there exists, in Windows:
1) an inter-process communications mechanism, either documented or reverse-engineered *and* likely to remain
intact and usable from release to release and in future releases, over which a HANDLE can be passed;
2) a mechanism by which a non-privileged process can request that a subprocess be run with elevated privileges
- presumably requiring either user consent or something else to indicate trust - with such an IPC channel established
between the non-privileged process and the privileged process?
UN*Xes that support libpcap generally have 1) in the form of UNIX-domain sockets (or, in newer versions of OS X, Mach
messages, over which those newer versions of OS X support passing file descriptors), and probably have 2) in the form
of, if nothing else, sudo or some GUI equivalent.
The idea here is to have libpcap - and WinPcap, if the answers to those questions are both "yes" - invoke a *small*
helper process to do what work needs elevated privileges to open capture devices, turn on monitor mode, change
channels, etc., so that programs using those libraries do not *themselves* require elevated privileges.
If the answer for the first question is "no", then do we have some way to run dumpcap with elevated privileges and have
a pipe between it and Wireshark/TShark?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Npcap 0.01 call for test (2nd), (continued)
- Re: Npcap 0.01 call for test (2nd) Tyson Key (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 21)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Guy Harris (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Guy Harris (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Guy Harris (Jul 25)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 25)
- Re: Npcap 0.01 call for test (2nd) Guy Harris (Jul 25)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 26)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 22)