LinuxQuestions.org
Old 09-28-2006, 12:47 AM   #1
bgeddy
Senior Member
 
Registered: Sep 2006
Location: Liverpool - England
Distribution: slackware64 13.37 and -current, Dragonfly BSD
Posts: 1,810

Rep: Reputation: 227
Wireshark Help


Anyone had any experience of running Wireshark under Slackware 10.2? I have downloaded the package and installed it using KPackage (KDE), and it now shows as installed under KPackage. How do I run this?
Thanks
 
Old 09-28-2006, 06:29 AM   #2
titopoquito
Senior Member
 
Registered: Jul 2004
Location: Ruhr Area, Germany
Distribution: Slackware64 14.0
Posts: 1,525

Rep: Reputation: 94
http://www.wireshark.org/docs/man-pages/

tells that you should open up a console and just type "wireshark" or any of the other commands that are listed on that site.

It sounds like you are running X and kpackage as root? That's something you will get many warnings about here. It is generally better to create a user account and do the root stuff in a console. If you know about that, just forget the last paragraph.
 
Old 09-28-2006, 08:21 AM   #3
bgeddy
Senior Member
 
Registered: Sep 2006
Location: Liverpool - England
Distribution: slackware64 13.37 and -current, Dragonfly BSD
Posts: 1,810

Original Poster
Rep: Reputation: 227
Thanks for the reply - and no, I'm not running Wshark as root - I have created a user for myself. When I try to run Wireshark from a console it reports "GtK-Warning ** cannot open display". Running "Wireshark --help" shows an option "--display=DISPLAY X display to use". Any idea what I should offer as an option to this? Anyway, running Wireshark from the KDE desktop (I have set up a Kmenu item) works, but Wireshark offers no interfaces under "Options". Perhaps someone knows of any other net security tools (packet sniffers/analyzers etc.) that run under Slackware? I'm trying to teach myself low level TCP/IP and this would be a useful tool.

Thanks again
 
Old 09-28-2006, 02:23 PM   #4
zetabill
Member
 
Registered: Oct 2005
Location: Rhode Island, USA
Distribution: Slackware, Xubuntu
Posts: 348

Rep: Reputation: 31
From my experience from running Ethereal (same program, different name), the program needs to be run as root for it to capture an interface. What I've done is I've used the KDE menu editor and I've made an entry for Ethereal that is run as root and not as my user. It's easy... just put wireshark in the command box and check the Run as different user box and put root in the username box. This way you don't have to actually log in as root to use wireshark and you have a wireshark that works as it should. When you run the program you'll get a dialog box asking for the root password and voilà!

If you ever want to run wireshark from Konsole or a terminal emulator run from within KDE you should use the kdesu command before wireshark.
Code:
kdesu wireshark &
That will run wireshark in KDE and you'll get the dialog box for the password and everything. Only if you want to run wireshark from outside KDE do you need to use the --display=DISPLAY option.

Good luck.
 
Old 09-28-2006, 09:48 PM   #5
dalek
Senior Member
 
Registered: Jul 2003
Location: Mississippi USA
Distribution: Gentoo
Posts: 2,058
Blog Entries: 2

Rep: Reputation: 65
You may want to know some of this too since you appear to be running as root:

Code:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200608-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Wireshark: Multiple vulnerabilities
      Date: August 29, 2006
      Bugs: #144946
        ID: 200608-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Wireshark is vulnerable to several security issues that may lead to a
Denial of Service and/or the execution of arbitrary code.

Background
==========

Wireshark is a feature-rich network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark      < 0.99.3                    >= 0.99.3

Description
===========

The following vulnerabilities have been discovered in Wireshark.
Firstly, if the IPsec ESP parser is used it is susceptible to
off-by-one errors, this parser is disabled by default; secondly, the
SCSI dissector is vulnerable to an unspecified crash; and finally, the
Q.2931 dissector of the SSCOP payload may use all the available memory
if a port range is configured. By default, no port ranges are
configured.
Let me know if you need to read more about this. I got the email saved.
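
The "Affected packages" table in the advisory quoted above, turned into a version check. This is an added example, not part of the original thread or of the advisory; the function names are hypothetical, the sample banner is constructed, and it assumes the version is the first dotted number on the first line of the `wireshark -v` output.

```shell
#!/bin/sh
# Added example: compare a Wireshark version with the first unaffected
# version named in GLSA 200608-26. Function names are hypothetical.

FIXED_VERSION="0.99.3"   # advisory table: "< 0.99.3" vulnerable, ">= 0.99.3" unaffected

# version_lt A B: return 0 when dotted version A is lower than B.
# Components compare numerically, left to right; missing ones count as 0.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the component just read (empty the string at the last one).
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        # Ignore a non-digit suffix such as the "a" in "0.99.3a".
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# glsa_status BANNER: classify the version found in a version banner.
# Assumption: the version is the first dotted number on the banner's first line.
glsa_status() {
    ver=$(printf '%s\n' "$1" | sed -n '1s/^[^0-9]*\([0-9][0-9.]*[0-9]\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable ($ver < $FIXED_VERSION)"
    else
        echo "unaffected ($ver >= $FIXED_VERSION)"
    fi
}

# Check the installed binary if present, otherwise a constructed sample banner.
if command -v wireshark >/dev/null 2>&1; then
    glsa_status "$(wireshark -v 2>/dev/null)"
else
    glsa_status "wireshark 0.99.2"   # constructed banner, not real output
fi
```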

 
Old 09-28-2006, 10:48 PM   #6
davidsrsb
Member
 
Registered: Oct 2003
Location: Kuala Lumpur, Malaysia
Distribution: Slackware 13.37 current
Posts: 770

Rep: Reputation: 33
Wireshark keeps getting new vulnerabilities and fixes. This is inevitable for such a powerful and complex low level tool. It is not the sort of software that you would run or even install on a production server.
 
Old 09-28-2006, 11:34 PM   #7
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Rep: Reputation: 62
Quote:
Originally Posted by davidsrsb
Wireshark keeps getting new vulnerabilities and fixes. This is inevitable for such a powerful and complex low level tool. It is not the sort of software that you would run or even install on a production server.
I'm not trying to be a wise guy here, really, but even clam-av & nessus, which do run on production servers, get vulnerabilities. Heck, X11 does too. I guess one really has to be sure that they are running current patched versions before deploying, I guess.

If someone needs to sniff packets then what else is there that is opensource? Do you have any recommendations?

I read that tripwire was good, but there's no opensource version that I can find.

I was going to try snort, and noticed at their website that they have vulnerabilities in the one that's available on linuxpackages right now, so I tried to download the new snort and it has a bad gpg sign file.

Any other recommendations?
 
Old 09-29-2006, 03:31 PM   #8
bgeddy
Senior Member
 
Registered: Sep 2006
Location: Liverpool - England
Distribution: slackware64 13.37 and -current, Dragonfly BSD
Posts: 1,810

Original Poster
Rep: Reputation: 227
Thanks for all the help guys - I run Wireshark as root and everything works great. - Cheers
 
Old 09-30-2006, 01:00 PM   #9
KaYoS
Member
 
Registered: May 2006
Posts: 32

Rep: Reputation: 15
The tools hackers use are more likely to have vulnerabilities exposed/used as the people using them are often the people looking for exploits.

Wireshark/Ethereal is a useful tool, but check out www.insecure.org (home of nmap); they have a top 100 list of security tools.
 
Old 09-30-2006, 01:34 PM   #10
bgeddy
Senior Member
 
Registered: Sep 2006
Location: Liverpool - England
Distribution: slackware64 13.37 and -current, Dragonfly BSD
Posts: 1,810

Original Poster
Rep: Reputation: 227
Thanks for the info - an interesting site..

Cheers
 
  


All times are GMT -5.