This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Block sniffing on ports - UBUNTU

0

The server where Wireshark is running has two network interfaces with two networks. The «sniffed» network, and the «office» one, from where people connect to the server. I don´t want wireshark to be able to sniff the office network. How do I do that?

asked 14 Sep '12, 08:15

ASantos's gravatar image

ASantos
1112
accept rate: 0%


One Answer:

2

You can't do that on Linux (that I know of).

If you were using a BSD-derived OS then it would be possible as each interface has its own (file-based) permissions.

answered 14 Sep '12, 12:29

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Thanks Jeff

(17 Sep '12, 02:05) ASantos

Actually, there are no per-network interface files on *BSD or OS X I know of that would control access to interfaces. The BPF device files have permissions, but once you've opened a BPF device file, you could bind the BPF device to any network interface.

So that won't work on *BSD or OS X, either.

On Tru64 UNIX, you could set a per-interface flag indicating whether a given interface can be put in promicuous mode by non-privileged users, but that's the only per-interface privilege control I know of.

(16 Mar '13, 16:55) Guy Harris ♦♦

It would be interesting to see if AppArmor could be of service here. I'm not sure it offers the granularity required.

(17 Mar '13, 03:41) Jaap ♦