January 2013

You are currently browsing the monthly archive for January 2013.

In another post, I talked about running Wireshark and other sniffing programs as an unprivileged user. You can do the same with Nmap, but it’s a little more tricky.

WARNING: This is dangerous. The Nmap Scripting Engine (NSE) allows scripts to sniff the network, change firewall roules and interface configuration, or exploit vulnerabilities including on localhost. It’s possible, especially with elevated capabilities, for a clever person to use Nmap and NSE to escalate to full root privileges. If you do not understand these risks, do not do this.

Read the rest of this entry »

Tags: , ,

The Wireshark team has long warned us not to run Wireshark as root. However, since Wireshark 1.4 (between Ubuntu 10.04 and 12.04), they’ve raised the stakes. Wireshark no longer loads all its plugins and protocol dissectors when run by root, and it displays warning messages on the CLI and the GUI:

root@laptop:~# tshark 
tshark: Lua: Error during loading:
 [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled
Running as user "root" and group "root". This could be dangerous.

Read the rest of this entry »

Tags: , ,