The lead developer of Wireshark, Gerald Combs, points out some that Linux distributions are beginning to implement Linux filesystem capabilities for raw network access. But if we shouldn't run Wireshark with root privileges, how are we to capture packets? Indeed, due to the complexity and sheer number of its many protocol dissectors, Wireshark is inherently vulnerable to malformed traffic (accidental or otherwise), which may result in denial of service conditions or possibly arbitrary code execution. WIRESHARK CONTAINS OVER ONE POINT FIVE MILLION LINES OF SOURCE CODE.
As an older Gentoo Linux ebuild of Wireshark warns: Unfortunately, this often prompts people to simply run Wireshark as root - a bad idea. This is because, by default, raw access to network interfaces (e.g. Many network engineers become dismayed the first time they run Wireshark on a Linux machine and find that they don't have access to any network interfaces. For Windows users, there is some good info in the Wireshark wiki.
This article focuses on Linux and some UNIXes.
0 kommentar(er)
