Wireshark questions!

[mrsmash]

Greetings!

I'f been playing around for a bit, and i have a few questions.

First of all, i have a samsung laptop thats Monitor Enabled. ( using Kali )

Okay! So where sould i begin.

I want to sniff packages;

So i (wireless) connect to the network, i enabled Mon0.

Start Wireshark ( the gui version )

It starts with an error. ( I dont know if its normal or not )

[String /usr/shre/swireshark/init.lue]46:dotfile has been disbaled due to running wireshark as superuser. blablabla wiki.wireshark.org/capturesetup
CapturePrivileges for help in running Wireshark as an unprivileged user.

It sounds weird to me, it's like it's telling me that superusers cant sniff. Thats weird right? :'D
Kali-linux runs everything in super user right? Running Wireshark as "sudo wireshark" does not help.

So anyway, i continue;

I pick Mon0 and click "start"

Wireshark starts and starts showing alot of white text.

And whatever website i visit on my pc, tablet or phone, wireshark finds nothing.

Even when loggin into FB or visiting Discovery.com, wireshark finds nothing.

it also does nothing when i search for "http" in wireshark.

Question is! How do i fix this! :'D

Thanks for reading this all, sorry for my horrible grammar and build op. Story telling is not my thing. Haha!

[no42]

http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Wireshark has implemented Privilege Separation which means that the Wireshark GUI (or the tshark CLI) can run as a normal user while the dumpcap capture utility runs as root. This can be achieved by installing dumpcap setuid root. The advantage of this solution is that while dumpcap is run as root the vast majority of Wireshark's code is run as a normal user (where it can do much less damage).

the following should do the trick if 'dumpcap' is within the user 'root''s path:

sudo su
chmod 4755 `which dumpcap`
exit

Edited July 23, 2014 by midnitesnake

[mrsmash]

I'm such a loser,

When i type in "chmod 4755" it says Missing operand after 4755.

http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Wireshark has implemented Privilege Separation which means that the Wireshark GUI (or the tshark CLI) can run as a normal user while the dumpcap capture utility runs as root. This can be achieved by installing dumpcap setuid root. The advantage of this solution is that while dumpcap is run as root the vast majority of Wireshark's code is run as a normal user (where it can do much less damage).

the following should do the trick if 'dumpcap' is within the user 'root''s path:

sudo su
chmod 4755 `which dumpcap`
exit

[no42]

sounds like dumpcap is not in root's PATH

sudo su
updatedb
locate dumpcap

that should get you the full path to dumpcap

then

chmod 4755 <full path to dumpcap>

[mrsmash]

I did as you said, but nothing seem to change. I made a screenshot for you so you can have a look.

.The second last command was a typo, sorry for that!

Thanks for taking the time to help me!

[mrsmash]

-screenshot-

[no42]

final step add a new user, and login via that account instead of root.

this page may help explain the process: http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/

Edited July 24, 2014 by midnitesnake

[cooper]

You should've only given the dumpcap binary the chmod treatment. You should revert the other files to 644.

The problem you have is that when you run wireshark, you do so _as root_. You should always log into your system as a regular user and use either su or sudo for local adminning. Nothing else.

[sud0nick]

I don't have an answer for you but rather a question.

Are you Mr. Smash or Mrs. Mash?

[digip]

Kali by default, runs as root on boot since its a pentesting distro. Unless you natively install it and setup a new user, for which you'll have to setup the sudoers file to be able to use sudo and everything else that it requires, wireshark, last time I checked, runs in kali as root. If you overwrite or install a newer version, it may break that in kali, since newer versions might work like VLC, where it won't let you run it as root(although it can be hex edited to make it do so - not recommended for doing with native installs, but in a live disk session or VM, who cares)