Friday, July 20, 2007

OpenBSD: Wireshark Port

Thanks to Nikns again for sending me this information; I think it is worth sharing with everyone, especially OpenBSD users who cannot live without Wireshark.

On 5 July, Wireshark 0.99.6 was released. Many of us who run OpenBSD need Wireshark, but Ethereal (now Wireshark) was removed from the OpenBSD ports tree long ago because of its poor security record: many vulnerabilities have been found in its protocol dissector code.

Nikns has created an unofficial OpenBSD port of Wireshark, which you can find here -

http://secure.lv/~nikns/stuff/ports/wireshark-0.99.6_4.1.tar

Some details about the port -

From pkg/DESCR:
SECURITY MEASURES:
If run with root privileges, wireshark, tshark and dumpcap will drop privileges to unprivileged user "_wireshark" after opening live capture device or dump file.

So, like OpenBSD's tcpdump, which I wrote about previously here...

http://geek00l.blogspot.com/2007/04/tcpdump-privilege-dropping-passive-os.html

If run as root, it drops privileges right after opening the capture device or dump file; that is why starting it as root is the recommended way to run it. The disadvantage of this privilege dropping is that once the privileges are gone the process can no longer open another capture device, so Wireshark must be restarted to start a new capture...
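To make the sequence above concrete, here is a small C program that does what the port's DESCR describes: open the capture source while still root, drop to an unprivileged user, and then check that the drop cannot be undone. It is an added example written for this post, not code from Nikns's port or from Wireshark; the dump file is a constructed 24-byte pcap header written to an unlinked temp file, the target user is assumed to be "_wireshark" with a fallback to "nobody" when that account does not exist, and /dev/bpf0 is used as the live capture device as on OpenBSD (on other systems the path simply does not exist, so the reopen fails for that reason instead).

```c
#define _GNU_SOURCE          /* setresuid/getresuid prototypes on Linux; harmless on OpenBSD */
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed sample dump file: only the 24-byte pcap global header
 * (magic 0xa1b2c3d4, version 2.4, snaplen 65535, linktype 1 = Ethernet),
 * written to an unlinked temp file so only the descriptor survives. */
static int make_sample_dump(void)
{
    static const unsigned char hdr[24] = {
        0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xff, 0xff, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 };
    char path[] = "/tmp/dump.XXXXXX";
    int fd = mkstemp(path);
    if (fd == -1) return -1;
    unlink(path);
    if (write(fd, hdr, sizeof hdr) != (ssize_t)sizeof hdr || lseek(fd, 0, SEEK_SET) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Irreversible drop to uid/gid, in the only order that works: supplementary
 * groups first (needs root), then the gid, then the uid. Setting all three
 * (real, effective, saved) ids is what prevents a later return to root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) == -1) return -1;
    if (setresgid(gid, gid, gid) == -1) return -1;
    if (setresuid(uid, uid, uid) == -1) return -1;
    return 0;
}

/* The check a practitioner wants after the drop: every uid equals the target,
 * the target is not root, and an attempt to become root again fails. */
int privileges_dropped(uid_t uid)
{
    uid_t r, e, s;
    if (uid == 0 || getresuid(&r, &e, &s) == -1) return 0;
    if (r != uid || e != uid || s != uid) return 0;
    if (setuid(0) == 0) return 0;        /* must fail with EPERM */
    return 1;
}

/* Walk through the port's sequence. Returns 1 when: the dump opened before the
 * drop is still readable afterwards (its pcap magic comes back), the drop is
 * irreversible, and opening the capture device after the drop fails, which is
 * why a new capture requires restarting the program. */
int demo_privilege_drop(const char *device_path, uid_t uid, gid_t gid)
{
    unsigned char magic[4];
    int dev;
    int fd = make_sample_dump();                /* opened while still privileged */
    if (fd == -1) return 0;
    if (drop_privileges(uid, gid) == -1 || !privileges_dropped(uid)) { close(fd); return 0; }
    if (read(fd, magic, 4) != 4 || magic[0] != 0xd4 || magic[3] != 0xa1) { close(fd); return 0; }
    close(fd);
    dev = open(device_path, O_RDONLY);          /* new capture source: expected to fail now */
    if (dev != -1) { close(dev); return 0; }
    return 1;
}

int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (geteuid() == 0) {
        /* Assumed: the port's "_wireshark" user may not exist here, so fall back to nobody. */
        struct passwd *pw = getpwnam("_wireshark");
        if (pw == NULL) pw = getpwnam("nobody");
        if (pw == NULL) { fputs("no unprivileged user to drop to\n", stderr); return 1; }
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }
    /* Started unprivileged, the "drop" is a no-op to our own ids, but the checks still run.
     * /dev/bpf0 is OpenBSD's capture device; elsewhere it simply does not exist. */
    int ok = demo_privilege_drop("/dev/bpf0", uid, gid);
    printf("privilege drop %s, now running as uid %d\n", ok ? "verified" : "FAILED", (int)geteuid());
    return ok ? 0 : 1;
}
```

Run it once as root to see the real drop (the final uid printed is the unprivileged one) and once as an ordinary user to see that the same checks pass trivially. The important detail is the order inside drop_privileges: setgroups() has to happen while still root, and the gid must be set before the uid, otherwise the second call fails and the process keeps some of its privilege.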

For me, it is great to have Wireshark on OpenBSD, not for network sniffing/logging but for network analysis, so thanks to Nikns for putting in the effort to maintain the unofficial port himself.

Enjoy ;]

1 comment:

imipak said...

Thanks, that looks great :)