previously on this list Nigel Taylor contributed:

> I seem to recall it might have been me that put this there or at least
> an older version.
>
> You don't capture with wireshark, you use it as a graphical display tool
> only. Using tcpdump to create a file.
>
> The other way is to pipe tcpdump output into wireshark,
>
> sudo tcpdump -w - | wireshark -k -i -
>
> I never run this wireshark thing as root, what others do that's their
> choice.

Do you have this working with /usr/local set nosuid? I get a dumpcap
permission denied even after doing a chmod -s on /usr/local/bin/dumpcap.
I expect removing the nosuid from /usr/local would make the risk higher
than tcpdump's priv sep as dumpcap wants to run as root and running as
the user would be worse than tcpdump.

The message I get is:

Couldn't run /usr/local/bin/dumpcap in child process: Permission denied

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________