
Wireshark questions!


mrsmash


Greetings!

I've been playing around for a bit, and I have a few questions.

First of all, I have a Samsung laptop that's monitor-enabled (using Kali).

Okay! So where should I begin.

I want to sniff packages;

So I (wireless) connect to the network, I enabled Mon0.

Start Wireshark (the GUI version).

It starts with an error. (I don't know if it's normal or not.)

[string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. blablabla wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.

It sounds weird to me, it's like it's telling me that superusers can't sniff. That's weird, right? :'D
Kali Linux runs everything as superuser, right? Running Wireshark as "sudo wireshark" does not help.

So anyway, I continue;

I pick Mon0 and click "start"

Wireshark starts and starts showing a lot of white text.

And whatever website I visit on my PC, tablet or phone, Wireshark finds nothing.

Even when logging into FB or visiting Discovery.com, Wireshark finds nothing.

It also does nothing when I search for "http" in Wireshark.

Question is! How do I fix this! :'D

Thanks for reading this all, sorry for my horrible grammar and build-up. Storytelling is not my thing. Haha!


http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Wireshark has implemented Privilege Separation which means that the Wireshark GUI (or the tshark CLI) can run as a normal user while the dumpcap capture utility runs as root. This can be achieved by installing dumpcap setuid root. The advantage of this solution is that while dumpcap is run as root the vast majority of Wireshark's code is run as a normal user (where it can do much less damage).

The following should do the trick if 'dumpcap' is within the user 'root''s path:

sudo su
chmod 4755 `which dumpcap`
exit
Edited by midnitesnake

I'm such a loser,

When I type in "chmod 4755" it says Missing operand after 4755.


You should've only given the dumpcap binary the chmod treatment. You should revert the other files to 644.

The problem you have is that when you run wireshark, you do so _as root_. You should always log into your system as a regular user and use either su or sudo for local adminning. Nothing else.
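
A check for the mistake described in the reply above (the setuid bit ending up on more than the dumpcap binary), as an added example that is not part of the original posts. The function names and the scratch directory are assumptions made for illustration; it clears only the setuid bit and leaves the remaining mode bits for you to set.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the demo directory
# are hypothetical; on a real system you would point it at the directory
# that holds dumpcap (see `which dumpcap`).

# List setuid regular files in directory $1, except the one named $2.
stray_setuid() {
    find "$1" -maxdepth 1 -type f -perm -4000 ! -name "$2" | sort
}

# Succeed only if $1/$2 is setuid and no other file in $1 is.
only_allowed_setuid() {
    [ -u "$1/$2" ] && [ -z "$(stray_setuid "$1" "$2")" ]
}

# Drop only the setuid bit from strays; other mode bits are left alone,
# since the right base mode (644, 755, ...) depends on the file.
clear_strays() {
    stray_setuid "$1" "$2" | while IFS= read -r f; do
        chmod u-s "$f"
    done
}

# Constructed demo: a scratch directory where chmod 4755 hit every file.
demo() {
    d=$(mktemp -d) || return 1
    for name in dumpcap wireshark tshark; do
        : > "$d/$name"
        chmod 4755 "$d/$name"
    done
    echo "setuid files other than dumpcap:"
    stray_setuid "$d" dumpcap
    clear_strays "$d" dumpcap
    if only_allowed_setuid "$d" dumpcap; then
        echo "after cleanup: only dumpcap is setuid"
    fi
    rm -rf "$d"
}

demo
```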


  • 5 months later...

Kali, by default, runs as root on boot since it's a pentesting distro. Unless you natively install it and set up a new user, for which you'll have to set up the sudoers file to be able to use sudo and everything else that it requires, Wireshark, last time I checked, runs in Kali as root. If you overwrite or install a newer version, it may break that in Kali, since newer versions might work like VLC, where it won't let you run it as root (although it can be hex edited to make it do so - not recommended for doing with native installs, but in a live disk session or VM, who cares).
