Wireshark mailing list archives
Capturing packets on Linux during development
From: Peter Wu <peter () lekensteyn nl>
Date: Mon, 6 Nov 2017 15:51:05 +0000
Hi,

Capturing packets requires a privileged process. A long time ago, this was done on Linux using a setuid root executable file. Nowadays, Linux distributions use file capabilities and a mode like 0754 to limit capturing to a special group, typically called "wireshark". Members of that group can capture packets as a normal user (not root). The required capabilities for capture are:

- cap_net_admin - for changing monitor/promisc mode
- cap_net_raw - for actually capturing data.

During development however, the generated binary will be overwritten every time, so changing the file capabilities is cumbersome. File capabilities are also not supported for tmpfs filesystems. Therefore I use "Ambient capabilities" which are possible since Linux 4.3. These do not suffer from the previous limitations since the capabilities are taken from the process environment rather than from the filesystem.

Attached is my "enter-caps" script. Run it without arguments to obtain a shell from which you can start wireshark, tshark, etc. For more background info, see https://unix.stackexchange.com/a/303738/8250

For USB captures using the usbmon interface, I typically do something like this, once after a fresh boot:

    sudo modprobe usbmon
    sudo setfacl -m u:$USER:r /dev/usbmon*

This allows the current user (which is expanded automatically from `$USER`) to Read (capture) USB traffic. In this way, dumpcap does not need additional capabilities either.

--
Kind regards,
Peter Wu
https://lekensteyn.nl
Attachment:
enter-caps
Description:
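The "enter-caps" attachment itself is not reproduced in the archive. The following is an added example, not Peter Wu's script, of the mechanism the post describes: a small launcher that, when started through sudo, keeps only cap_net_admin and cap_net_raw, switches back to the invoking user (taken from SUDO_UID/SUDO_GID, an assumption about how it is run), raises those two capabilities into the ambient set and then executes a shell or a given command. It assumes Linux 4.3 or newer and uses the raw capget/capset and prctl interfaces, so it needs no libcap at build time.

```c
/* enter_caps.c: run a command as the invoking non-root user with
 * CAP_NET_RAW and CAP_NET_ADMIN in the ambient capability set, so a freshly
 * built dumpcap can capture without setcap or a setuid bit.
 * Added example, not the "enter-caps" attachment from the post. Assumes
 * Linux >= 4.3 and a start via sudo (which exports SUDO_UID/SUDO_GID).
 *   gcc -Wall -o enter_caps enter_caps.c
 *   sudo ./enter_caps                   # shell with ambient caps
 *   sudo ./enter_caps ./run/dumpcap -D  # or one command
 */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

#ifndef PR_CAP_AMBIENT          /* pre-4.3 userspace headers */
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_RAISE 2
#endif

/* The two capabilities the post names for capturing. */
static const struct { const char *name; int value; } cap_names[] = {
    { "cap_net_admin", CAP_NET_ADMIN },   /* monitor/promiscuous mode */
    { "cap_net_raw",   CAP_NET_RAW   },   /* opening packet sockets   */
};

/* Map "cap_net_raw" (any case) to its number; -1 if not one of the above. */
int cap_from_name(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof cap_names / sizeof cap_names[0]; i++)
        if (strcasecmp(name, cap_names[i].name) == 0)
            return cap_names[i].value;
    return -1;
}

/* Two-word bitmask helpers matching the v3 capset layout (64 caps). */
void cap_mask_set(__u32 mask[_LINUX_CAPABILITY_U32S_3], int cap)
{
    mask[cap / 32] |= (__u32)1 << (cap % 32);
}

int cap_mask_test(const __u32 mask[_LINUX_CAPABILITY_U32S_3], int cap)
{
    return (mask[cap / 32] >> (cap % 32)) & 1;
}

/* Switch from root to uid/gid while keeping exactly `caps` (n entries) in the
 * permitted, effective, inheritable and ambient sets. 0 on success, else -1. */
int drop_to_user_with_ambient(uid_t uid, gid_t gid, const int *caps, size_t n)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    __u32 want[_LINUX_CAPABILITY_U32S_3] = { 0 };
    size_t i;

    for (i = 0; i < n; i++)
        cap_mask_set(want, caps[i]);

    /* Keep the permitted set across root -> user; the kernel still clears
     * the effective and ambient sets at setuid(), so they are rebuilt below. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
        return -1;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;

    /* Shrink permitted to the wanted caps and copy them into effective and
     * inheritable (raising inheritable from permitted needs no CAP_SETPCAP). */
    if (syscall(SYS_capget, &hdr, data) < 0)
        return -1;
    for (i = 0; i < _LINUX_CAPABILITY_U32S_3; i++) {
        data[i].permitted &= want[i];
        data[i].effective = data[i].permitted;
        data[i].inheritable = data[i].permitted;
    }
    if (syscall(SYS_capset, &hdr, data) < 0)
        return -1;

    /* An ambient raise needs the cap in both permitted and inheritable; the
     * ambient set then survives execve() of binaries without file caps. */
    for (i = 0; i < n; i++)
        if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, caps[i], 0, 0) < 0)
            return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *s_uid = getenv("SUDO_UID"), *s_gid = getenv("SUDO_GID");
    const int caps[] = { CAP_NET_ADMIN, CAP_NET_RAW };
    const char *shell = getenv("SHELL");
    char *def[] = { (char *)(shell ? shell : "/bin/sh"), NULL };
    char **cmd = argc > 1 ? argv + 1 : def;

    if (!s_uid || !s_gid) {
        fprintf(stderr, "enter_caps: run via sudo (SUDO_UID/SUDO_GID unset)\n");
        return 1;
    }
    if (drop_to_user_with_ambient((uid_t)strtoul(s_uid, NULL, 10),
                                  (gid_t)strtoul(s_gid, NULL, 10),
                                  caps, sizeof caps / sizeof caps[0]) < 0) {
        perror("enter_caps");
        return 1;
    }
    execvp(cmd[0], cmd);
    perror(cmd[0]);
    return 127;
}
```

Two properties of the ambient set are worth keeping in mind when using a shell obtained this way: the set is inherited only by binaries that carry neither a setuid bit nor file capabilities (a distribution dumpcap with setcap applied gets its capabilities from the file instead), and every other capability root had is dropped before the exec, so the resulting shell cannot do more than open packet sockets and flip interface modes. From such a shell, `grep Cap /proc/self/status` shows the CapAmb line populated, and `getpcaps $$` from libcap lists the two capabilities.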
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe