Wireshark en la filtración de WikiLeaks (Vault 7: CIA Hacking Tools Revealed) (Seguridad, Red)

Configure Wireshark on Ubuntu

By default, wireshark can not be run as a non-root user when attempting to capture traffic on an interface.  The following steps can rectify this issue:

1. Install Wireshark
   
   PowerShell

   sudo apt-get install wireshark

   1	sudo apt-get install wireshark

2. Create a wireshark group
   
   PowerShell

   sudo groupadd wireshark

   1	sudo groupadd wireshark

3. Add your username to the wireshark group
   
   PowerShell

   sudo usermod -a -G wireshark YOUR_USERNAME

   1	sudo usermod -a -G wireshark YOUR_USERNAME

4. Change the group ownership of the file dumpcap to wireshark
   
   PowerShell

   sudo chgrp wireshark /usr/bin/dumpcap

   1	sudo chgrp wireshark /usr/bin/dumpcap

5. Chage the mode of the file dumpcap to allow execution by the group wireshark
   
   PowerShell

   sudo chmod 750 /usr/bin/dumpcap

   1	sudo chmod 750 /usr/bin/dumpcap

6. Grant capabilities with setcap
   
   PowerShell

   sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

   1	sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

7. Verify the change
   
   PowerShell

   sudo getcap /usr/bin/dumpcap

   1	sudo getcap /usr/bin/dumpcap

config_wireshark-ubuntu_user.txt

Attachments:

• config_wireshark-ubuntu_user.txt

Previous versions:

| 1 | 2 |