aefstoggaflm (Open Source Fan; Premium Member; joined 2002-03-04; Bethlehem, PA)
Does one have to add Wireshark to a software firewall?

While I know that there are different software firewalls: Does one ever have to add Wireshark to a software firewall, to get Wireshark to see traffic to and from the computer that it is running on?

Thanks

Cudni (La Merma - Vigilado; MVM; joined 2003-12-20; Someshire), 1 recommendation
Occasionally ran Wireshark to check/troubleshoot, but not as part of a firewall.

Velnias (Member; joined 2004-07-06) to aefstoggaflm
Bad idea.

»web.nvd.nist.gov/view/vu ··· &cves=on

Jasu (Member; joined 2010-01-09; Finland) to aefstoggaflm, 1 recommendation
As Velnias pointed out, Wireshark protocol dissectors have had some problems with vulnerabilities. You should use tcpdump/windump to capture traffic to a file and read the file with Wireshark (= no need for privileges).

Also, depending on how you use your connection to the Internet, capturing all traffic will create lots of data. You can't go through it manually. You could check Snort.
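As an added example (not from the thread, and not Wireshark or tcpdump project code), here is the unprivileged half of the workflow Jasu describes: capture to a file with a privileged tool, then parse the file from an ordinary account. The capture command lines in the docstring use real tcpdump/windump options; the pcap reader, its function names and the DNS-looking sample traffic are mine, constructed for this example, and the reader assumes a classic pcap file (not pcapng) with Ethernet framing.

```python
"""Added example (not from the thread, not Wireshark/tcpdump code): the unprivileged
half of the capture-to-file workflow. Capture as root/admin, then hand the file to an
ordinary account; these command lines use real tcpdump/windump options:
    sudo tcpdump -i eth0 -Z nobody -w capture.pcap   # -Z drops privileges after the open
    windump -i 1 -w capture.pcap                     # Windows / WinPcap equivalent
    wireshark -r capture.pcap                        # any user, no capture driver needed
Everything the analyser then touches is file content, so the reader below refuses
records that claim more bytes than exist instead of reading past the buffer.
Assumes classic pcap (not pcapng) with Ethernet framing; sample traffic is constructed."""
import struct
from dataclasses import dataclass
from typing import List

LINKTYPE_ETHERNET = 1
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

class MalformedCapture(ValueError):
    """Raised for a capture file that lies about its own lengths."""

@dataclass
class Packet:
    ts: float
    caplen: int
    src: str = ""      # stays empty when the frame could not be decoded
    dst: str = ""
    proto: int = 0
    sport: int = 0
    dport: int = 0

def dissect_frame(ts: float, frame: bytes) -> Packet:
    """Ethernet -> IPv4 -> TCP/UDP ports; every step bounds-checks before indexing."""
    pkt = Packet(ts=ts, caplen=len(frame))
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":   # runt or non-IPv4: keep record, skip decode
        return pkt
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:   # bad IHL is a classic fuzz case
        return pkt
    pkt.proto = ip[9]
    pkt.src = ".".join(str(b) for b in ip[12:16])
    pkt.dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:]
    if pkt.proto in (6, 17) and len(l4) >= 4:   # TCP and UDP both begin with src/dst port
        pkt.sport, pkt.dport = struct.unpack("!HH", l4[:4])
    return pkt

def parse_pcap(data: bytes) -> List[Packet]:
    """Walk a classic pcap byte string; raise MalformedCapture rather than overread."""
    if len(data) < 24:
        raise MalformedCapture("shorter than the 24-byte global header")
    magic = struct.unpack("<I", data[:4])[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)   # both byte orders are valid pcap
    if end is None:
        raise MalformedCapture(f"unknown magic {magic:#010x} (pcapng or not a capture)")
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise MalformedCapture(f"unsupported link type {linktype}")
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise MalformedCapture(f"truncated record header at offset {off}")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or incl_len > orig_len:
            raise MalformedCapture(f"record at offset {off - 16} has impossible length {incl_len}")
        if off + incl_len > len(data):
            raise MalformedCapture(f"record claims {incl_len} bytes, only {len(data) - off} remain")
        packets.append(dissect_frame(ts_sec + ts_usec / 1e6, data[off:off + incl_len]))
        off += incl_len
    return packets

def summarise(packets: List[Packet]) -> List[str]:
    """One tcpdump-style line per packet; frames that failed decoding are flagged, not dropped."""
    return [f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {PROTO_NAMES.get(p.proto, str(p.proto))} {p.caplen} bytes"
            if p.src else f"undecoded frame {p.caplen} bytes" for p in packets]

# --- constructed sample capture (not real traffic): a DNS query and its reply ---
def build_udp_frame(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    def ip_b(s): return bytes(int(o) for o in s.split("."))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload   # UDP checksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                     ip_b(src_ip), ip_b(dst_ip)) + udp                       # IP checksum left 0
    return bytes.fromhex("005056000001" "020000000001" "0800") + ip          # dst MAC, src MAC, IPv4

def build_pcap(frames, snaplen=65535) -> bytes:
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        data += struct.pack("<IIII", 1364000000, 500000 * i, len(f), len(f)) + f
    return data

DNS_QUERY = bytes.fromhex("123401000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
DNS_REPLY = (bytes.fromhex("123481800001000100000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
             + bytes.fromhex("c00c0001000100000e100004c000022a"))
SAMPLE_CAPTURE = build_pcap([build_udp_frame("192.0.2.10", "192.0.2.1", 53211, 53, DNS_QUERY),
                             build_udp_frame("192.0.2.1", "192.0.2.10", 53, 53211, DNS_REPLY)])

if __name__ == "__main__":
    print("\n".join(summarise(parse_pcap(SAMPLE_CAPTURE))))
```

Run stand-alone it prints two tcpdump-style lines for the constructed query and reply. The length checks in parse_pcap and dissect_frame are the same ones a dissector must get right on every record, which is the practical reason to open a capture file of unknown origin from an unprivileged account rather than from a process that already holds the capture driver.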

wolfy339 (Member; joined 2005-04-30; Edmonds, WA), 1 recommendation
said by Jasu:

As Velnias pointed out, Wireshark protocol dissectors have had some problems with vulnerabilities. You should use tcpdump/windump to capture traffic to a file and read the file with Wireshark (= no need for privileges).

Heck, I run Wireshark from a limited user acct on my home machine, no trouble.

Mele20 (Premium Member; joined 2001-06-05; Hilo, HI) to Velnias, 1 recommendation
Your link refers to EARLIER VERSIONS of Wireshark. Plus, most were rated "LOW vulnerability" with a few at "medium" and NONE higher than that.

Seems to me the more responsible answer would have been to tell the OP to get the LATEST VERSION of Wireshark - 1.8.6 - AND install the 64-bit version.

I don't recall what OS the OP has, but if anyone wants to install Wireshark 1.8.6 64-bit on Windows 8 you must FIRST install the latest version of WinPcap. THEN install Wireshark 1.8.6 and decline the installer's offer to remove your CURRENT version of WinPcap and replace it with an OLDER version. (Wireshark needs to update the version of WinPcap that is packaged with their installer.)

The version of WinPcap (4.1.2) that is bundled with the Wireshark 64-bit installer will NOT install on Windows 8. That is why WinPcap finally came out last month with a version that will install easily on Win 8 (4.1.3). The version packed with Wireshark will not install and may screw up the computer and the Wireshark installation itself UNLESS certain TRICKS are executed to get it to, hopefully, install correctly. I went through this mess when I got this new Win 8 computer and wanted to install Ping Plotter Pro, which requires WinPcap. So, it is best to install the new version of WinPcap FIRST and then install Wireshark, ignoring Wireshark's offer to uninstall the latest WinPcap and install the version that is highly problematic on Windows 8.

Even if you don't have Win 8, you should install WinPcap first so you have the latest version. As of yesterday, the Wireshark installer still offers the old version of WinPcap and wants to remove the latest version, which is the only version that installs correctly (without tricks/hassle) on Win 8. I'm sure they will fix that soon, but until they do, do it like I mentioned.

»www.winpcap.org/install/ ··· ault.htm

Velnias (Member; joined 2004-07-06)
The bad security track record of Wireshark means more vulnerabilities in the future; no security in mind when developed.
BTW, a low or medium vulnerability means an application crash - pretty bad for an online attack detector.

Mele20 (Premium Member; joined 2001-06-05; Hilo, HI)
Online attack detector? That's not what I use it for and if it did crash...well, I have had "explorer.exe" crash twice in the past two days. I'm not crazy about crashing programs, but I sure would not say crashing was "pretty bad" of a program because then I'd have to conclude that almost all programs are "pretty bad".

Velnias (Member; joined 2004-07-06)
You're right - a crashing *packet analyzer* is not a big deal.

Hmm, crashing "explorer.exe"? That really happens so often without any "help"?

Jasu (Member; joined 2010-01-09; Finland) to wolfy339
Yes, you are right. You only have to start the WinPcap driver as an administrator; after that anyone can use it. Thanks to Microsoft for removing the more secure raw sockets in WinXP SP2...

Phoenix22 (Death From Above; Premium Member; joined 2001-12-11; SOG C&C Nrth) to aefstoggaflm, 1 recommendation
no

SpHeRe31459 (Premium Member; joined 2002-10-09; Sacramento, CA) to aefstoggaflm
said by aefstoggaflm:

While I know that there are different software firewalls: Does one ever have to add Wireshark to a software firewall, to get Wireshark to see traffic to and from the computer that it is running on?

Thanks

Nope, I have never needed to configure the firewall to get packets to work. That doesn't mean you might not need to with a very locked-down set of rules or something.

Is this using the standard Windows firewall on XP? on Win7? or another firewall product?

TheWiseGuy (Dog And Butterfly; MVM; joined 2002-07-04; East Stroudsburg, PA) to aefstoggaflm, 1 recommendation
said by aefstoggaflm:

While I know that there are different software firewalls: Does one ever have to add Wireshark to a software firewall, to get Wireshark to see traffic to and from the computer that it is running on?

Thanks

I have not used a lot of different firewalls recently, and the one I use does not require you to give permission for Wireshark to work. I would of course prefer a firewall that required permission for Wireshark, since to me it is something of a hole in the firewall if a program can receive packets without permission. In the past I have used firewalls that required you to grant permission, but I do not know if they still would, since it is possible that the OS hooks have changed.

Of course you then have the tradeoff that in theory Wireshark could respond, since you would need to allow it to receive inbound TCP, and reply packets would not be stopped since software firewalls allow outbound TCP in reply to inbound TCP. Still, it would block other programs from receiving packets without permission by hooking into the OS in a similar manner.

HELLFIRE (MVM; joined 2009-11-25) to aefstoggaflm, 1 recommendation
Depends what you're doing, aefstoggaflm. As others have alluded to, you occasionally need to troubleshoot the inevitable "the issue is / isn't the firewall," whether your firewall is software, hardware, appliance or otherwise.

I won't comment on the security / wisdom of running Wireshark itself, as other posters have added some good points pro and con.

It depends what YOU want to do in YOUR environment.

My 00000010bits.

Regards

aefstoggaflm (Open Source Fan; Premium Member; joined 2002-03-04; Bethlehem, PA) to SpHeRe31459
said by SpHeRe31459:

said by aefstoggaflm:

While I know that there are different software firewalls: Does one ever have to add Wireshark to a software firewall, to get Wireshark to see traffic to and from the computer that it is running on?

Thanks

Nope I have never need to configure the firewall to get packets to work. Doesn't mean you might not need to with a very locked down set of rules or something.

Is this using the standard Windows firewall on XP? on Win7? or another firewall product?

I was asking in general.

On my computers running Windows, the firewall built into Windows.

On my computers running a distro of unix/linux, that is another matter....