Wireshark · Ethereal-dev: RE: [Ethereal-dev] 0.9.16

Ethereal-dev: RE: [Ethereal-dev] 0.9.16

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Hauptmann Bob-P18081 <Bob.Hauptmann@xxxxxxxxxxxx>

Date: Mon, 24 Nov 2003 07:44:18 -0700

Thanks for your reply.

Yes I meant the file server exports /usrlocal/bin to the clients /usr/local/bin. Ethereal is in this directory. 

The /dev and /devices on the client is accessable (rw) to root only. ROOT and USER can't capture packets on the client; permissions denied. When I start ethereal it doesn't display the interfaces (hme, qfe) in the "interface" drop down menu. 

bob h

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Friday, November 21, 2003 3:39 PM
To: Hauptmann Bob-P18081
Cc: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] 0.9.16

On Nov 21, 2003, at 2:17 PM, Hauptmann Bob-P18081 wrote:

> I have a Solaris 8 file server that I added ethereal 0.9.16 to using 
> the pkgadd function. The file server NFS mounts the /usr/local/bin 
> directory to several other Solaris8 machines.

Presumably you meant "the file server *shares* (or *exports*) the 
/usr/local/bin directory over NFS to several other Solaris 8 machines" 
- a file server client NFS-mounts a file system, a file server exports 
or shares a file system.

I.e., "/usr/local/bin" is a local file system on the file server.

>  When I execute ethereal (ethereal -i hme0) on the NFS'd machine, I 
> get /dev/hme permissions not set. It looks like permissions are valid

I.e., the permissions on "/dev/hme" *on the machine on which you're 
running Ethereal* allow you (not root, *you*) to open it for reading 
and writing?

If not, then the permissions aren't valid for allowing users to capture 
while running Ethereal as themselves - you have to run it as root.

>  and everything is setup properly. Ethereal runs properly on my file 
> server.

Then either

	1) "/dev/hme" is readable and writable by whoever's running Ethereal 
(although that will, I think, not let you capture in promiscuous mode - 
which will, I think, mean you won't see outgoing traffic);

	2) Ethereal's set-UID to root, and the machine that's mounting 
"/usr/local/bin" is mounting it "nosuid" so that the set-UID bit 
doesn't have any effect on that machine;

	3) you're running it as root on your file server, but not on the 
machine that's mounting "/usr/local/bin" over NFS.

> What could be the problem on the NFS'd machine? Is ethereal supported 
> across NFS?

Ethereal has no idea whether it's running from a binary on an NFS 
server or not.  It works just fine on Solaris 8 when running from an 
NFS server (I did that for years when I was working at Network 
Appliance).

Follow-Ups:
- Re: [Ethereal-dev] 0.9.16
  - From: Guy Harris

Prev by Date: [Ethereal-dev] makefile fix
Next by Date: RE: [Ethereal-dev] Ethereal 0.9.16 doesn't read AiroPeek 2.0 files
Previous by thread: Re: [Ethereal-dev] 0.9.16
Next by thread: Re: [Ethereal-dev] 0.9.16
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$