Priviledge Seperation
Priviledge Seperation
Posted Dec 12, 2015 9:18 UTC (Sat) by Lekensteyn (guest, #99903)In reply to: Priviledge Seperation by pizza
Parent article: Wireshark 2.0: Now with Qt
This is true, the capture process ("dumpcap") is a separate process which is run by Wireshark/tshark to capture packets. This process does not need setuid root, it is sufficient to give it CAP_NET_RAW and CAP_NET_ADMIN capabilities. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges... for instructions.