I've noticed there have been some recent (March 13) changes to Wireshark. Previously, when starting, it was necessary to enter the root password. Now, no password is required, but it's no longer possible to select an interface to monitor. This makes it somewhat useless for capturing traffic. About all that can be done is read existing capture files. If opened from a root terminal session, it works normally. I then checked the application in the menu and found the application command had changed from /usr/bin/xdg-su -c /usr/bin/wireshark %f to wireshark %f, which runs it as a mere mortal, in that useless mode. Why was this done? After restoring the full command, it now works properly.

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
> I've noticed there have been some recent (March 13) changes to Wireshark. Previously, when starting, it was necessary to enter the root password. Now, no password is required, but it's no longer possible to select an interface to monitor. This makes it somewhat useless for capturing traffic.
Use tcpdump for that? I only ever use wireshark for the analysis, never the capture.
> About all that can be done is read existing capture files.
Which is all we do here.
> If opened from a root terminal session, it works normally. I then checked the application in the menu and found the application command had changed from /usr/bin/xdg-su -c /usr/bin/wireshark %f to wireshark %f, which runs it as a mere mortal, in that useless mode. Why was this done? After restoring the full command, it now works properly.
A matter of which default is most appropriate? I prefer running wireshark without requiring root access, it's a security issue.

--
Per Jessen, Zürich (2.7°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 2020-03-22 03:21 PM, Per Jessen wrote:
> James Knott wrote:
>> I've noticed there have been some recent (March 13) changes to Wireshark. Previously, when starting, it was necessary to enter the root password. Now, no password is required, but it's no longer possible to select an interface to monitor. This makes it somewhat useless for capturing traffic.
> Use tcpdump for that? I only ever use wireshark for the analysis, never the capture.
>> About all that can be done is read existing capture files.
> Which is all we do here.
>> If opened from a root terminal session, it works normally. I then checked the application in the menu and found the application command had changed from /usr/bin/xdg-su -c /usr/bin/wireshark %f to wireshark %f, which runs it as a mere mortal, in that useless mode. Why was this done? After restoring the full command, it now works properly.
> A matter of which default is most appropriate? I prefer running wireshark without requiring root access, it's a security issue.
I mostly run it to capture traffic and only occasionally use it to examine capture files. Usually those files are ones I've downloaded from pfSense. Its Packet Capture is not the greatest for examining packets.
On 22/03/2020 19.44, James Knott wrote:
> I've noticed there have been some recent (March 13) changes to Wireshark. Previously, when starting, it was necessary to enter the root password. Now, no password is required, but it's no longer possible to select an interface to monitor. This makes it somewhat useless for capturing traffic. About all that can be done is read existing capture files. If opened from a root terminal session, it works normally. I then checked the application in the menu and found the application command had changed from /usr/bin/xdg-su -c /usr/bin/wireshark %f to wireshark %f, which runs it as a mere mortal, in that useless mode. Why was this done? After restoring the full command, it now works properly.
maybe to separate the capture role from the study role.

--
Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 2020-03-23 05:48 PM, Carlos E. R. wrote:
> On 22/03/2020 19.44, James Knott wrote:
>> I've noticed there have been some recent (March 13) changes to Wireshark. Previously, when starting, it was necessary to enter the root password. Now, no password is required, but it's no longer possible to select an interface to monitor. This makes it somewhat useless for capturing traffic. About all that can be done is read existing capture files. If opened from a root terminal session, it works normally. I then checked the application in the menu and found the application command had changed from /usr/bin/xdg-su -c /usr/bin/wireshark %f to wireshark %f, which runs it as a mere mortal, in that useless mode. Why was this done? After restoring the full command, it now works properly.
> maybe to separate the capture role from the study role.
I normally use it for capture. When I use it to examine capture files, they usually came from the Packet Capture in my pfSense firewall.
On 03/22/2020 01:44 PM, James Knott wrote:
> I've noticed there have been some recent (March 13) changes to Wireshark. Previously, when starting, it was necessary to enter the root password. Now, no password is required, but it's no longer possible to select an interface to monitor. This makes it somewhat useless for capturing traffic. About all that can be done is read existing capture files. If opened from a root terminal session, it works normally. I then checked the application in the menu and found the application command had changed from /usr/bin/xdg-su -c /usr/bin/wireshark %f to wireshark %f, which runs it as a mere mortal, in that useless mode. Why was this done? After restoring the full command, it now works properly.
That's a bug in my mind that needs to be reported. That sounds more like a packaging problem. If it were an intentional change, there should be some notice to all that have used it for the past 15+ years as ethereal and then wireshark.

--
David C. Rankin, J.D.,P.E.
On 2020-03-22 02:44 PM, James Knott wrote:
> I've noticed there have been some recent (March 13) changes to Wireshark. Previously, when starting, it was necessary to enter the root password. Now, no password is required, but it's no longer possible to select an interface to monitor. This makes it somewhat useless for capturing traffic. About all that can be done is read existing capture files. If opened from a root terminal session, it works normally. I then checked the application in the menu and found the application command had changed from /usr/bin/xdg-su -c /usr/bin/wireshark %f to wireshark %f, which runs it as a mere mortal, in that useless mode. Why was this done? After restoring the full command, it now works properly.
One other thing I just noticed. In making that change, Wireshark no longer starts when I click on a capture file, though IIRC, it didn't use to either. In checking, I discovered that changing the menu also changes the file association. So I can either have Wireshark capture files when opened from the menu or open when I click on a file, but not both. Apparently, changing the menu command also changes the file association command. Is there any way to correct this so that changing the menu does not change the association? Or fix it so that clicking on a file works properly?
On 2020-04-02 04:03 PM, James Knott wrote:
> On 2020-03-22 02:44 PM, James Knott wrote:
>> I've noticed there have been some recent (March 13) changes to Wireshark. Previously, when starting, it was necessary to enter the root password. Now, no password is required, but it's no longer possible to select an interface to monitor. This makes it somewhat useless for capturing traffic. About all that can be done is read existing capture files. If opened from a root terminal session, it works normally. I then checked the application in the menu and found the application command had changed from /usr/bin/xdg-su -c /usr/bin/wireshark %f to wireshark %f, which runs it as a mere mortal, in that useless mode. Why was this done? After restoring the full command, it now works properly.
> One other thing I just noticed. In making that change, Wireshark no longer starts when I click on a capture file, though IIRC, it didn't use to either. In checking, I discovered that changing the menu also changes the file association. So I can either have Wireshark capture files when opened from the menu or open when I click on a file, but not both. Apparently, changing the menu command also changes the file association command. Is there any way to correct this so that changing the menu does not change the association? Or fix it so that clicking on a file works properly?
I created two Wireshark items in the menu, one for root and the other for mere mortals. I then associated to the one for mere mortals and now it works the way I want. I can now both capture and open capture files by clicking on them.
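
The two-launcher arrangement described in the last message, sketched as an added example that is not from any poster or from the openSUSE package. The launcher file names, the helper function names and the choice of application/vnd.tcpdump.pcap as the associated MIME type are assumptions; the elevated command line is the one quoted in the thread. The elevated_handlers check lists any launcher that both claims the capture-file type and starts through a privilege wrapper, which is the combination the split avoids.

```shell
#!/bin/sh
# Added example: split Wireshark launchers (file names and MIME type are assumptions).
MIME=application/vnd.tcpdump.pcap   # registered type for pcap capture files

# write_launcher FILE NAME EXEC [MIMETYPE]: write a minimal desktop entry.
write_launcher() {
    {
        printf '[Desktop Entry]\nType=Application\nName=%s\nExec=%s\n' "$2" "$3"
        printf 'Categories=Network;Monitor;\n'
        # Only a launcher that declares a MimeType is offered for file opens.
        if [ -n "${4:-}" ]; then printf 'MimeType=%s;\n' "$4"; fi
    } > "$1"
}

# Root launcher for capturing (command from the thread, no MimeType) plus an
# unprivileged launcher that is the only one declared for capture files.
make_split_launchers() {
    mkdir -p "$1" || return 1
    write_launcher "$1/wireshark-root.desktop" 'Wireshark (capture, root)' \
        '/usr/bin/xdg-su -c /usr/bin/wireshark %f'
    write_launcher "$1/wireshark-user.desktop" 'Wireshark (open capture files)' \
        'wireshark %f' "$MIME"
}

# elevated_handlers DIR MIMETYPE: print launchers in DIR that claim MIMETYPE
# and whose Exec line starts the program through a privilege wrapper.
elevated_handlers() {
    for f in "$1"/*.desktop; do
        [ -f "$f" ] || continue
        grep '^MimeType=' "$f" | tr ';=' '\n\n' | grep -qxF "$2" || continue
        if grep -Eq '^Exec=.*(xdg-su|kdesu|gksu|pkexec|sudo)' "$f"; then
            basename "$f"
        fi
    done
}

demo=$(mktemp -d)
make_split_launchers "$demo"
elevated_handlers "$demo" "$MIME"   # prints nothing: no root launcher opens files
rm -rf "$demo"
# To install: copy both files to ~/.local/share/applications, then run
#   xdg-mime default wireshark-user.desktop application/vnd.tcpdump.pcap
```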
participants (4): Carlos E. R., David C. Rankin, James Knott, Per Jessen