Ubuntu Security :: WireShark - Do Not Run As Root
Nov 7, 2010
The Wireshark website specifically warns against running WireShark as Root....
Quote:
Administrator/root account not required!
Many Wireshark users think that Wireshark requires a root/Administrator account to work with.
That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.
First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!
Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.
View 3 Replies
ADVERTISEMENT
Mar 25, 2010
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies
View Related
Oct 11, 2010
I'm running behind a 2wire NAT Router with only have smtp, www, pop3 open routing to my ubuntu VM server. Network also includes three other ubuntu VM server's and a Desktop. I'm the only one on the network so my question is, what security risk is there running WireShark as root? Because running it under dumpcap is horrible after you quit. It hogs up all the resource to remove the dump.
View 7 Replies
View Related
Sep 25, 2010
So you have to run wireshark as root too see the interfaces which I'm ok with but a message says that this is dangerous. I am just wondering WHY this is dangerous? I mean I know sudo gives complete read write access to the system but what I am wondering is why is that BAD for wireshark? What could potentially happen? Can someone expand on this?
View 1 Replies
View Related
Jan 23, 2011
Was trying to use wireshark to pen test my network and I can't get it to work properly.When capturing on my main wireless card wlan0 atheros ath9k the program freezes after a short while and I can't even access the web anymore. Not to mention it stops capturing. I have to disconnect and reconnect to get back on the web. Not sure what is going on here. I get the following output in terminal:
(wireshark:2240): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.26.0/gobject/gsignal.c:3081: signal name `depressed' is invalid for instance `0x2142cb68'
[code]....
View 1 Replies
View Related
Oct 29, 2010
I am doing security stuff under linux... I've heard of Wireshark and Snort and dsniff and have been reading up on them on wikipedia pages but the big picture is not clear to me yet. Are things like Wireshard and Snort BASED on the functionality of iptables in Linux? I read that you have to be root to run iptables, but not to run Wireshark right? Yet Wireshark is dependent on iptables.
View 3 Replies
View Related
Sep 2, 2010
Is there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?
View 10 Replies
View Related
Jan 20, 2011
want to run VirtualBox with root permissions. Trouble is that only when run as root i can access attached USB devices inside of a virtual machine, otherwise, these a greyed out).Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user. Is it possible to do without changing the permissions of the non-root user, i.e. i don't want my user to have all root permissions, due to security considerations.
View 1 Replies
View Related
Apr 12, 2010
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
View 1 Replies
View Related
Sep 8, 2010
Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
View 9 Replies
View Related
Oct 20, 2010
I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
[Code]...
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
View 14 Replies
View Related
May 18, 2010
tcpdump is not details in protocols,so want wireshark to study protocols,
View 4 Replies
View Related
Sep 29, 2010
I installed Ubuntu 10.04 on my ASUS Eee PC 1015 but can't get WireShark to recognize my Atheros card.
I know my Atheros card works because I was on my wireless network at my house last night.
View 2 Replies
View Related
Aug 9, 2010
I've recently installed 64bit version of ubuntu 9.10 but the GDMsetup doesn't seem to be working as it was in 9.04 i mean to say when you type gdmsetup at console the login window pops up where i can check the check-box "Allow local administrator log in" under security tab. to enable login as root. since it is not working i've to type password every time when i install a package or create a folder in root directory or mount a drive which is quite irritating how can i login as root in gui mode etc... also is there some syntax which i can put into /etc/gdm/custom.conf so i can log in as root....
View 2 Replies
View Related
Apr 22, 2011
Having trouble adding a regular user with ssh access on Hardy 8.04. I can ssh into root, but not into the newly created regular user with the same ~/.ssh/authorized_keys
Code:
sshd_config has:
AllowGroups sshlogin
AllowUsers user root
[code]....
what could be preventing ssh login to ~user? And yes I would like to disable root ssh access, but it would be nice to be able to ssh into user first
View 4 Replies
View Related
Feb 8, 2010
I've run into a sort of catch 22.I installed wireshark via apt-get on my Eee 1008HA, but when it is launched, it does not allow any capture interfaces. I think this is because the shortcut created in my applications paneldoes not start it as root.So I went into terminal, typed in "sudo wireshark" and it popped up, as root. I was then able to capture on my wireless interface. However, if I try and specify my home folder as the location for the capture to be saved, I get an error that permission was denied, which seems odd since the process is running as root and should be able to do pretty much whatever it wants. How can I get wireshark set up so I can both capture _and_ save the .pcap files I generate? I'm running karmic koala, the full output of uname -a is: Linux ruckus-laptop 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux.
View 1 Replies
View Related
Jul 2, 2010
I have an ubuntu PC with 2 nics, 1 for the internet, the other one should be to connect other computers an analyze the network traffic with Wireshark. How do I configure this 2nd nic to achieve this.
View 1 Replies
View Related
Aug 29, 2010
I remember that in the past, I succeed to sniff network traffic with Wireshark but when I tried lately, it didn't work.
- Enabled monitor and promisc mode using the command line and launched Wireshark with option 'promisc mode' on: didn't work.
- Directly launched Wireshark with option 'promisc mode' on: didn't work.
- Did the both previous things with option 'promisc mode' off: didn't work.
I'm using AR5007EG with ath5k.
View 2 Replies
View Related
Feb 2, 2011
I am trying to use wireshark on my ubuntu 10.10 laptop. However I have found out that wireshark will only detect my network cards when it is started with root permissions. How would I make it automatically start with root permissions?
View 2 Replies
View Related
Apr 27, 2011
I installed Wireshark 1.2.7 on my Lenovo X61 tablet PC running Ubuntu 10.04 lucid during the quest for a decent signal strength meter for available wifi access points. What is a good software or hardware method to TEST WiFi strength & power?But I can't get Wireshark to do the simplest thing, which is to "Capture Interfaces".
View 9 Replies
View Related
Mar 6, 2010
I want to use wireshark network traffic analyser to analyse ethernet traffic in a "Abis over IP" based GSM cellular communication network. Can anybody guide me how to install WireShark in my Ubantu 9.10 Live USB drive. I cannot access internet with this USB drive but i can download pacages in a windows machine. I need to know which pacages to download and how to build wireshark from source.
View 1 Replies
View Related
Feb 25, 2010
im trying to extract a skin into the amsn skin directory and it says im not allowed so i went into the users and groups and i set my self up to be able to do all the commands and put myself in the root catagory of users. this is where im lost im still unable to do anything.. i want complete administrator access on my OS i shouldnt have to type in sudo -
View 4 Replies
View Related
Mar 11, 2010
I've enabled the root account on Ubuntu 9.10, however I want to stop it from being used to login via GDM. 9.10 seems to have a different GDM version, how can I carry this out under 9.10
View 9 Replies
View Related
Sep 5, 2010
i have installed a ubuntu 10.04 (mini iso) w/ option of root encryption. Now i need to boot without ask for passphrase, but im trying to add a luks keyfile without success.i want to use a keyfile in the /boot partition or inside the initrd (cant be in external pendrive), but ubuntu aparently dont accept a keyfile in /boot or initrd file. I know, this way isnt very security, but i just need a basic encryption.So, how to force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
View 5 Replies
View Related
Oct 19, 2010
I installed Intrepid on my netbook a few months ago, and since I'm the only one who uses it I decided to set it to log me in automatically. Unfortunately, I recently realized that for whatever reason, even if I disable screen lock in configuration editor, it still wants my password (which I can't remember for the life of me). To solve this problem, i ranCode:sudo usermod acidicninja --password <new password>Two problems: the new password doesn't log me in, and my root password no longer unlocks root! I'm in deep trouble... is there any way to reset the root password without reinstalling?
View 1 Replies
View Related
Oct 21, 2010
I can do easily sudo, gksu and gksudo in terminal, but when I click for update but in the software center:
screenshot1.png
and my password don't work I does this with update manager too
View 4 Replies
View Related
Jan 22, 2011
It's my personal computer, no other users, no one else in the house. I'm behind a separate stand alone firewall (Checkpoint device). I'm the admin on my machine and I'm going to enter sudo, or login as root, every time I need it anyway.
There's no way that having to switch to root is going to make me stop and think about what I'm getting ready to do. In fact it's quite the opposite. If I'm in the midst of troubleshooting, I'm preparing to enter a command that I think is going to work, and I get "Permission denied"... The aggravation is more likely to reduce my logical thinking, and I'll immediately switch to root and type it anyway.
I DO understand the rational of setting users (even admin users) to a lower permission level. However I don't understand the lack of a command to make a user PERMANENTLY root equivilent. Switching back and forth is a waste of time. AND it means that I now have to deal with two home directories... /root and /home/user. Having to type sudo, or su to switch to root, does not protect my system. It only aggravates.
View 9 Replies
View Related
Mar 8, 2011
Is there anyway to have a different password for login and root? For example, my account is Bratu. I want a login password: ABCD and my root password: EFG
View 1 Replies
View Related
Aug 19, 2009
I have a fedora 10 server to which I can ssh as the root user using RSA.
However for any user other than root a password is always requested.
I have made changes to PAM and check the rights to all the files and read pages upon pages. I can mess it up completely so no one can login but cant get it so that anyone other than root can use a public key.
Another interesting and may be related item is that when any user logs in, with a password, via ssh then they get the error:
Could not chdir to home directory /home/xxxx: Permission denied
But they can cd to their home directory and have no problems.
I am thinking that this may be to do with the mount. The home directory is on a HDD but the system dive is an SSD.
I have gone over everything so many times I am now lost, I must be overlooking something so simple and obvious its just not coming to mind.
View 4 Replies
View Related
Mar 7, 2011
When I try to issue "su -", I get "su: Authentication failure", and I'm 100% sure password I enter is ok.
I think it started to happen after I issued
chmod +s /usr/bin/screen
chmod 755 /usr/bin/screen
which I believe is unrelated to this problem, and,
chmod -s /bin/su (-s by mistake)
chmod 755 /bin/su
which most probably made the whole mess...
this is not the part of the problem I believe but here's some background why I did that... when trying to make possible for screen sessions to be started automatically on boot under non-root account, I entered something like "su - username -c "/usr/bin/screen -dmS screenname ./executable-file"" in bootmisc.sh, but I was getting "must run suid root for multiuser support", so I tried to fix it, and now I can't login to root account no way.
View 5 Replies
View Related
