mrsmash Posted July 23, 2014

Greetings! I've been playing around for a bit, and I have a few questions. First of all, I have a Samsung laptop that's Monitor Enabled (using Kali).

Okay! So where should I begin. I want to sniff packages; so I (wireless) connect to the network, I enabled Mon0, and start Wireshark (the GUI version). It starts with an error (I don't know if it's normal or not):

[string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. blablabla wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.

It sounds weird to me, it's like it's telling me that superusers can't sniff. That's weird, right? :'D Kali-linux runs everything as superuser, right? Running Wireshark as "sudo wireshark" does not help.

So anyway, I continue; I pick Mon0 and click "start". Wireshark starts and starts showing a lot of white text. And whatever website I visit on my PC, tablet or phone, Wireshark finds nothing. Even when logging into FB or visiting Discovery.com, Wireshark finds nothing. It also does nothing when I search for "http" in Wireshark.

Question is! How do I fix this! :'D

Thanks for reading this all, sorry for my horrible grammar and build-up. Storytelling is not my thing. Haha!

no42 Posted July 23, 2014 (edited)

http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Wireshark has implemented Privilege Separation which means that the Wireshark GUI (or the tshark CLI) can run as a normal user while the dumpcap capture utility runs as root. This can be achieved by installing dumpcap setuid root. The advantage of this solution is that while dumpcap is run as root the vast majority of Wireshark's code is run as a normal user (where it can do much less damage).

The following should do the trick if 'dumpcap' is within the user 'root''s path:

    sudo su
    chmod 4755 `which dumpcap`
    exit

Edited July 23, 2014 by midnitesnake

mrsmash Posted July 23, 2014 (Author)

I'm such a loser. When I type in "chmod 4755" it says Missing operand after 4755.

no42 Posted July 24, 2014

Sounds like dumpcap is not in root's PATH.

    sudo su
    updatedb
    locate dumpcap

That should get you the full path to dumpcap, then:

    chmod 4755 <full path to dumpcap>

mrsmash Posted July 24, 2014 (Author)

I did as you said, but nothing seems to change. I made a screenshot for you so you can have a look. The second last command was a typo, sorry for that!

Thanks for taking the time to help me!

mrsmash Posted July 24, 2014 (Author)

-screenshot-

no42 Posted July 24, 2014 (edited)

Final step: add a new user, and log in via that account instead of root. This page may help explain the process: http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/

Edited July 24, 2014 by midnitesnake

cooper Posted July 24, 2014

You should've only given the dumpcap binary the chmod treatment. You should revert the other files to 644.

The problem you have is that when you run wireshark, you do so _as root_. You should always log into your system as a regular user and use either su or sudo for local adminning. Nothing else.

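The cleanup cooper describes, as an added example that is not part of the original thread: it lists files that picked up the setuid bit only because their path matched "dumpcap", resets them, and checks that the real binary is still setuid root. The function names and the sample tree are constructed for illustration; GNU find and stat (as shipped on Kali) are assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes GNU find/stat.

# file_mode PATH -> octal permission bits, e.g. 4755 or 644
file_mode() {
    stat -c '%a' "$1"
}

# stray_setuid DIR -> regular files under DIR whose path mentions dumpcap and
# that carry the setuid bit, excluding the capture binary itself.
stray_setuid() {
    find "$1" -type f -path '*dumpcap*' -perm -4000 ! -name dumpcap 2>/dev/null | sort
}

# revert_strays DIR [MODE] -> reset every stray to MODE (default 644, the value
# suggested in the thread; pass 755 for files that must stay executable).
revert_strays() {
    local mode="${2:-644}" f
    stray_setuid "$1" | while IFS= read -r f; do
        chmod "$mode" "$f" && printf 'reset %s to %s\n' "$f" "$mode"
    done
}

# dumpcap_status PATH -> one-line verdict; setuid only helps if root owns the file.
dumpcap_status() {
    local mode owner
    mode=$(file_mode "$1") owner=$(stat -c '%U' "$1")
    if [ "$mode" = 4755 ] && [ "$owner" = root ]; then
        echo "ok: setuid root"
    else
        echo "check: mode=$mode owner=$owner (expected 4755 root)"
    fi
}

# make_sample_tree -> constructed directory reproducing the mistake: every
# "locate dumpcap" hit was given 4755, not just the binary.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/usr/bin" "$d/usr/share/man/man1" "$d/usr/share/doc"
    touch "$d/usr/bin/dumpcap" "$d/usr/share/man/man1/dumpcap.1.gz" \
          "$d/usr/share/doc/dumpcap.html"
    chmod 4755 "$d/usr/bin/dumpcap" "$d/usr/share/man/man1/dumpcap.1.gz" \
               "$d/usr/share/doc/dumpcap.html"
    echo "$d"
}

# Usage: script DIR -> list strays under DIR without changing anything.
if [ "$#" -gt 0 ]; then stray_setuid "$1"; fi
```

Run the listing first and read it before calling revert_strays, since the original mode of each file is not recorded anywhere.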
sud0nick Posted January 16, 2015

I don't have an answer for you but rather a question. Are you Mr. Smash or Mrs. Mash?

digip Posted January 17, 2015

Kali, by default, runs as root on boot since it's a pentesting distro. Unless you natively install it and set up a new user, for which you'll have to set up the sudoers file to be able to use sudo and everything else that it requires, Wireshark, last time I checked, runs in Kali as root. If you overwrite or install a newer version, it may break that in Kali, since newer versions might work like VLC, where it won't let you run it as root (although it can be hex edited to make it do so - not recommended for doing with native installs, but in a live disk session or VM, who cares).