LinuxQuestions.org
Old 05-27-2012, 11:10 AM   #1
xjonquilx
Member
 
Registered: Jul 2011
Location: FL, USA
Distribution: Linux Mint 13
Posts: 169

Rep: Reputation: Disabled
Wireshark Help


I'm trying to work with Wireshark and it keeps saying that I don't have permission to use /usr/bin/dumpcap. I checked the permissions on that and for me it's set to read-only. I'm not sure what to do from this point. I could set it to read and write (but I'm pretty sure that's not what I should do... or should I?).

The Wireshark documentation said I needed to have packet support enabled in the kernel. Could this have something to do with that? I wasn't sure how to enable packet support, so I skipped over that but remembered it in case it would come in handy later.

BTW I'm not doing anything illegal.
 
Old 05-27-2012, 01:39 PM   #2
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
You need to run wireshark as user "root" in order to have all of the permissions required.
 
1 members found this post helpful.
Old 05-27-2012, 01:52 PM   #3
xjonquilx
Member
 
Registered: Jul 2011
Location: FL, USA
Distribution: Linux Mint 13
Posts: 169

Original Poster
Rep: Reputation: Disabled
When I run it as root it warns me that I'm doing something dangerous. Should I ignore this warning, or can I seriously mess up the system by running this as root?
 
Old 05-27-2012, 02:11 PM   #4
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
I ignore the error, but your system will log that your ethernet device has gone into 'Promiscuous Mode'. If a network admin saw that, you might get into trouble, but if YOU are the admin, go ahead!
You won't mess anything up if you are just watching or capturing the traffic.

Last edited by ceyx; 05-27-2012 at 02:12 PM.
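
An added example, not part of the thread: a shell check for why a non-root user gets "permission denied" on /usr/bin/dumpcap, and whether dumpcap itself holds the capture privilege (setuid root or the `cap_net_raw` file capability) so that the Wireshark GUI can run unprivileged. The function name `diagnose_dumpcap` and its result strings are hypothetical, the sample values in the comments are constructed, and the binary is assumed to be owned by root.

```shell
#!/bin/sh
# Added example (not from the thread): explain why a non-root user can or
# cannot capture with dumpcap. Inputs are strings so the logic works offline.
#
# diagnose_dumpcap MODE FILE_GROUP USER_GROUPS GETCAP_OUTPUT
#   MODE          symbolic mode from `stat -c %A`, e.g. -rwxr-x--- (constructed)
#   FILE_GROUP    group owning the binary, from `stat -c %G`
#   USER_GROUPS   space-separated groups of the user, from `id -Gn`
#   GETCAP_OUTPUT output of `getcap /usr/bin/dumpcap` (may be empty)
# Assumption: the binary is owned by root and the caller is not root.
diagnose_dumpcap() (
    mode=$1 fgroup=$2 ugroups=" $3 " caps=$4
    ux=$(printf %s "$mode" | cut -c4)    # owner execute slot ('s' = setuid)
    gx=$(printf %s "$mode" | cut -c7)    # group execute slot
    ox=$(printf %s "$mode" | cut -c10)   # other execute slot

    # Capturing needs raw-socket privilege: setuid root or cap_net_raw.
    privileged=no
    case "$ux:$caps" in
        s:*|*cap_net_raw*) privileged=yes ;;
    esac

    if [ "$ox" = "x" ]; then
        # World-executable: privilege, if present, is open to every local user.
        if [ "$privileged" = yes ]; then
            echo "ok-but-any-local-user-can-capture"
        else
            echo "no-capture-privilege"
        fi
    elif [ "$gx" = "x" ] || [ "$gx" = "s" ]; then
        case "$ugroups" in
            *" $fgroup "*)
                if [ "$privileged" = yes ]; then echo "ok"
                else echo "no-capture-privilege"; fi ;;
            *)  echo "join-group:$fgroup" ;;
        esac
    else
        echo "not-executable-by-non-owner"
    fi
)

# Live use on a Linux host: sh check.sh --live [path-to-dumpcap]
if [ "${1:-}" = "--live" ]; then
    bin=${2:-/usr/bin/dumpcap}
    diagnose_dumpcap "$(stat -c %A "$bin")" "$(stat -c %G "$bin")" \
        "$(id -Gn)" "$(getcap "$bin" 2>/dev/null)"
fi
```

A `join-group:<group>` result means the binary is restricted to a capture group the user is not in; `no-capture-privilege` means dumpcap is executable but would only capture when started as root.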
 
Old 05-27-2012, 02:47 PM   #5
xjonquilx
Member
 
Registered: Jul 2011
Location: FL, USA
Distribution: Linux Mint 13
Posts: 169

Original Poster
Rep: Reputation: Disabled
LOL, yes, I am the admin.

How do I capture other devices? So far I'm only seeing my own network traffic. I tried going through the Wireshark documentation but it went a little over my head. From what I've read I suspect my router doesn't allow other devices' traffic to be captured. I just want to make sure that is the case though.
 
Old 05-27-2012, 03:17 PM   #6
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
To capture traffic on the entire net, you need a 'mirroring switch' or an old hub if one can be found. Switches are smart enough to remember what IP is on which of their ports and only send traffic for a specific IP to that port. A mirroring switch will send ALL traffic to a specific port.

The old style hubs broadcast all traffic out to all ports - an inefficient way to network, but it allows one to see all traffic.

If you have a couple of old interface boards and an old computer hanging around, an interesting project is to set up a bridge:

http://wiki.wireshark.org/CaptureSetup/Ethernet , see 'machine in the middle'

Have fun!
 
1 members found this post helpful.
Old 05-27-2012, 03:31 PM   #7
xjonquilx
Member
 
Registered: Jul 2011
Location: FL, USA
Distribution: Linux Mint 13
Posts: 169

Original Poster
Rep: Reputation: Disabled
Ok, cool, thanks.
 
  

