This is our old Q&A Site. Please post any new questions and answers at

The server where Wireshark is running has two network interfaces with two networks. The «sniffed» network, and the «office» one, from where people connect to the server. I don´t want wireshark to be able to sniff the office network. How do I do that?

asked 14 Sep '12, 08:15

ASantos's gravatar image

accept rate: 0%

You can't do that on Linux (that I know of).

If you were using a BSD-derived OS then it would be possible as each interface has its own (file-based) permissions.

permanent link

answered 14 Sep '12, 12:29

JeffMorriss's gravatar image

JeffMorriss ♦
accept rate: 27%

Thanks Jeff

(17 Sep '12, 02:05) ASantos

Actually, there are no per-network interface files on *BSD or OS X I know of that would control access to interfaces. The BPF device files have permissions, but once you've opened a BPF device file, you could bind the BPF device to any network interface.

So that won't work on *BSD or OS X, either.

On Tru64 UNIX, you could set a per-interface flag indicating whether a given interface can be put in promicuous mode by non-privileged users, but that's the only per-interface privilege control I know of.

(16 Mar '13, 16:55) Guy Harris ♦♦

It would be interesting to see if AppArmor could be of service here. I'm not sure it offers the granularity required.

(17 Mar '13, 03:41) Jaap ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 14 Sep '12, 08:15

question was seen: 2,489 times

last updated: 17 Mar '13, 03:41

p​o​w​e​r​e​d by O​S​Q​A