Hi all,
can one I use wireshark as user or I must be root?
Thank you in advance
Santo

--- MBSE BBS v1.0.8 (Linux-x86_64)
* Origin: Aioe.org NNTP Server (2:250/1@fidonet)

On Mon, 29 Aug 2022 10:32:59 -0000 (UTC), santo wrote:

Hi all,
can one I use wireshark as user

$ type wireshark
wireshark is /usr/bin/wireshark
would suggest anyone could run it.

Have you tried it yet ?

or I must be root?
Thank you in advance

It might not hurt to add your login name to the wireshark group, log out/in
and check for it with
id -nG

For any lurkers you might also create the systemd-journal group if it does
not exist and add your login name to it while you are in group management tool.

That will allow you to use journalctl to access the system journal without having to be root.


--- MBSE BBS v1.0.8 (Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Mon, 29 Aug 2022 07:26:57 -0500, Bit Twister wrote:

It might not hurt to add your login name to the wireshark group,

yes, I added my name to wireshark group and ...well, it works...but I
have no idea what to do..
:-(

Sorry, som Off Topic background...
I do not know if people remember my name here, I only post in regard to installing new Mageia version and am veri ignorant about how things works etc...anyway...
Auroville is going through some difficult time, there is an attempt by Government Official and some 'Aurovilians' to take over the management of Auroville...

Some of these Aurovilians with Gov Off. help, took over the management
of the @auroville.org.in ...I ( we ) from the other side were informend
that our email ID was not safe to use anymore as now the new management
could look into our mails etc...

In fact for sometime I could not access my Google Drive and when trying
to log into my email account I was logged out immedietely ( 'you have
been logged out' message appeared for at least 3 times...)

When I finally managed to log in a message appeared stating that the
domain auroville.org.in was now managed by xxxxc (forgot ...)but the
message clearly stated that this xxxx had now the possibility to look
into datas in my mail box...

I wish I had taken a screen shot of that message ...


Now I can log in but obviously I am very unsure and do not wish to use it
but all my contacts are there...of course I created a new gmail ID but still...
:-(

( which I will replace in this group)...

ANyway, apologies for this long OT post...I was just trying to find
something that could help, me if and when, someone was logging into my
mail box and record it so that I could sue them, I thought Wireshark was
such option maybe, but it is all way beyond my level...

just disregard if way of topic...and apologies for ...well whatever...

Santo

For any lurkers you might also create the systemd-journal group if it
does not exist and add your login name to it while you are in group management tool.

That will allow you to use journalctl to access the system journal
without having to be root.

--- MBSE BBS v1.0.8 (Linux-x86_64)
* Origin: Aioe.org NNTP Server (2:250/1@fidonet)

On Mon, 29 Aug 2022 13:07:56 -0000 (UTC), santo wrote:

On Mon, 29 Aug 2022 07:26:57 -0500, Bit Twister wrote:

It might not hurt to add your login name to the wireshark group,

yes, I added my name to wireshark group and ...well, it works...but I
have no idea what to do..
:-(

wireshark allows you to read/collect actual packets sent to/from your
system.

Sorry, som Off Topic background...
I do not know if people remember my name here, I only post in regard to installing new Mageia version and am veri ignorant about how things works etc...anyway...
Auroville is going through some difficult time, there is an attempt by Government Official and some 'Aurovilians' to take over the management of Auroville...

Some of these Aurovilians with Gov Off. help, took over the management
of the @auroville.org.in ...I ( we ) from the other side were informend
that our email ID was not safe to use anymore as now the new management
could look into our mails etc...

Yep, whoever owns the server has access to all data on the system.

In fact for sometime I could not access my Google Drive and when trying
to log into my email account I was logged out immedietely ( 'you have
been logged out' message appeared for at least 3 times...)

Yep, could be a system configuration problem and the login authorization service/daemon may not be running/working and you are not getting the right/correct message failure.

When I finally managed to log in a message appeared stating that the
domain auroville.org.in was now managed by xxxxc (forgot ...)but the
message clearly stated that this xxxx had now the possibility to look
into datas in my mail box...

Well I would not expect the xxxx organization to post such a message.
going to guess xxxx organization is the cause of the login problem.

I wish I had taken a screen shot of that message ...

Rather than a screen shot, I use import to select/save a desired portion of
of my screen. import is in the imagemagick package/rpm.

Now I can log in but obviously I am very unsure and do not wish to use it
but all my contacts are there...of course I created a new gmail ID but still...
:-(

Then I suggest saving contacts and whatnot so you always have them regardless of who you use.

( which I will replace in this group)...

ANyway, apologies for this long OT post...I was just trying to find
something that could help, me if and when, someone was logging into my
mail box and record it so that I could sue them, I thought Wireshark was
such option maybe, but it is all way beyond my level...

Wireshark will not show you what you want unless they are using your system.
If I had your email id/password I could log into it and Wireshark would not show any traffic/packets of such activity.


--- MBSE BBS v1.0.8 (Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Mon, 29 Aug 2022 09:07:56 -0400, santo <nanci@auroville.org.in> wrote:

On Mon, 29 Aug 2022 07:26:57 -0500, Bit Twister wrote:

It might not hurt to add your login name to the wireshark group,

yes, I added my name to wireshark group and ...well, it works...but I
have no idea what to do..
:-(

Sorry, som Off Topic background...
I do not know if people remember my name here, I only post in regard to installing new Mageia version and am veri ignorant about how things works etc...anyway...
Auroville is going through some difficult time, there is an attempt by Government Official and some 'Aurovilians' to take over the management of Auroville...

Some of these Aurovilians with Gov Off. help, took over the management
of the @auroville.org.in ...I ( we ) from the other side were informend
that our email ID was not safe to use anymore as now the new management
could look into our mails etc...

In fact for sometime I could not access my Google Drive and when trying
to log into my email account I was logged out immedietely ( 'you have
been logged out' message appeared for at least 3 times...)

When I finally managed to log in a message appeared stating that the
domain auroville.org.in was now managed by xxxxc (forgot ...)but the
message clearly stated that this xxxx had now the possibility to look
into datas in my mail box...

I wish I had taken a screen shot of that message ...

Now I can log in but obviously I am very unsure and do not wish to use it
but all my contacts are there...of course I created a new gmail ID but still...
:-(

( which I will replace in this group)...

ANyway, apologies for this long OT post...I was just trying to find
something that could help, me if and when, someone was logging into my
mail box and record it so that I could sue them, I thought Wireshark was
such option maybe, but it is all way beyond my level...

just disregard if way of topic...and apologies for ...well whatever...

Santo

For any lurkers you might also create the systemd-journal group if it
does not exist and add your login name to it while you are in group
management tool.

That will allow you to use journalctl to access the system journal
without having to be root.

Wireshark only allows you to capture traffic that is visible to the network interface on your computer.

The admin is correct to warn you, that anyone who has physical access to the computer(s) used by auroville.org.in can read anything stored on those hard drives. Whether they will or not, is another story. One that you cannot detect
from your computer. That's true any time your stuff is stored on some one else's computer, whether its auroville.org.in, google, yahoo, or others.

For google drive, the admin of auroville.org.in would only be able to see that your computer is connected to google, not what you are doing with it. Just like auroville with the email stored on it's hard drives, google can read anything that is not encrypted, that is stored on it's drives.

When you connect to https://drive.google.com/drive/my-drive the connection is encrypted between google and your computer. The admin can see that you're using drive.google.com, but can't snoop on your login etc. If the password is not sitting in your email inbox at auroville.org.in then they cannot impersonate you.

If you don't want stuff that is stored on some one else's computer to be readable
by it's admins, make sure it's encrypted, and only decrypted after it gets to your
computer. That in itself may make you a target of investigation though, depending
on the circumstances.

Regards, Dave Hodgins

--- MBSE BBS v1.0.8 (Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Mon, 29 Aug 2022 08:52:31 -0500, Bit Twister wrote:

On Mon, 29 Aug 2022 13:07:56 -0000 (UTC), santo wrote:

On Mon, 29 Aug 2022 07:26:57 -0500, Bit Twister wrote:

Well to close the tread...

Yep, whoever owns the server has access to all data on the system.

so my fears are not unfounded
:-(

for the Google Drive...

The admin of the google drive ( through Telegram ) I have subscribed to
showed me with a screen shot he took that the auroville.org.in domain was
not allowed to access it...it seems is legal and institutions like Universities etc...block their email domain to be used outside their
campus...

( By the way, ust a drive to share italian comics and old movies and TV series...)

changing the email solved the problem

Well I would not expect the xxxx organization to post such a message.

It was a pop-up small window and the meaning was clearly that one...

Anyway, thanks for your help, as usual very appreciated...
Santo

--- MBSE BBS v1.0.8 (Linux-x86_64)
* Origin: Aioe.org NNTP Server (2:250/1@fidonet)

On Mon, 29 Aug 2022 09:59:08 -0400, David W. Hodgins wrote:

On Mon, 29 Aug 2022 09:07:56 -0400, santo <nanci@auroville.org.in>
wrote:

On Mon, 29 Aug 2022 07:26:57 -0500, Bit Twister wrote:

The admin is correct to warn you, that anyone who has physical access to
the computer(s) used by auroville.org.in can read anything stored on
those hard drives. Whether they will or not, is another story. One that
you cannot detect
from your computer. That's true any time your stuff is stored on some
one
else's computer, whether its auroville.org.in, google, yahoo, or others.

For google drive, the admin of auroville.org.in would only be able to
see that your computer is connected to google, not what you are doing
with it. Just like auroville with the email stored on it's hard drives, google can read anything that is not encrypted, that is stored on it's drives.

When you connect to https://drive.google.com/drive/my-drive the
connection is encrypted between google and your computer. The admin can
see that you're using drive.google.com, but can't snoop on your login
etc. If the password is not sitting in your email inbox at
auroville.org.in then they cannot impersonate you.

If you don't want stuff that is stored on some one else's computer to be readable by it's admins, make sure it's encrypted, and only decrypted
after it gets to your computer. That in itself may make you a target of investigation though, depending on the circumstances.

Regards, Dave Hodgins

Thanks David, help and explanation very appreciated...my only concerns
was and is that they could detect and read the emails that I am
exchanging with my friends about the situation here in Auroville, I have nothing illegal or dubious in my mail box.

he google drive is about exchanging accessing old italian comics , movies
and tv series...and I thought that there is an encription that is there
by default so no need from my side to check, but it seems that I must be
sure about it...
Will look into it.
Thank you again and end of the tread
:-)
Santo

--- MBSE BBS v1.0.8 (Linux-x86_64)
* Origin: Aioe.org NNTP Server (2:250/1@fidonet)

I shouldnt ask this question as I am no expert,

but... in Mageia8 after installing it was working right away, now in
Mageia9 I get the main screen, says at the bottom ...'ready to
capture'...but nothing happens.
when I select a filter as well nothing happens...wondering if there is a passage I skipped I am not aware of...
TIA
santo


--- MBSE BBS v1.0.8.6 (Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Tue, 27 Feb 2024 05:23:59 -0500, santo <nanci@auroville.org.in> wrote:

I shouldnt ask this question as I am no expert,

but... in Mageia8 after installing it was working right away, now in
Mageia9 I get the main screen, says at the bottom ...'ready to
capture'...but nothing happens.
when I select a filter as well nothing happens...wondering if there is a passage I skipped I am not aware of...

The user interface changed.

Left click on the desired interface, then left click on the "Start capturing packets" icon (left most icon on the toolbar), or right click on the desired interface and then left click on "Start capture".

Regards, Dave Hodgins

--- MBSE BBS v1.0.8.6 (Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Tue, 27 Feb 2024 09:14:24 -0500, David W. Hodgins wrote:

On Tue, 27 Feb 2024 05:23:59 -0500, santo <nanci@auroville.org.in>
wrote:

I shouldnt ask this question as I am no expert,

but... in Mageia8 after installing it was working right away, now in
Mageia9 I get the main screen, says at the bottom ...'ready to
capture'...but nothing happens.
when I select a filter as well nothing happens...wondering if there is
a passage I skipped I am not aware of...

The user interface changed.

Left click on the desired interface, then left click on the "Start
capturing packets" icon (left most icon on the toolbar), or right click
on the desired interface and then left click on "Start capture".

Regards, Dave Hodgins

Nope, sorry...nothing happens no matter what I do...no matter where I
click on the scroll down menus... I always get the message :

no interface selected

--- MBSE BBS v1.0.8.6 (Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Tue, 27 Feb 2024 21:37:19 -0500, santo <nanci@auroville.org.in> wrote:

Nope, sorry...nothing happens no matter what I do...no matter where I
click on the scroll down menus... I always get the message :

See /usr/share/doc/wireshark/README.urpmi

Is your id in the wireshark group? Don't forget to logout/in (or reboot) after for any group changes to take effect.

The other option is to run dumpcap as root and then run wireshark or tshark
to process the captured file.

Regards, Dave Hodgins

--- MBSE BBS v1.0.8.6 (Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Wed, 28 Feb 2024 00:44:12 -0500, David W. Hodgins wrote:

On Tue, 27 Feb 2024 21:37:19 -0500, santo <nanci@auroville.org.in>
wrote:

Nope, sorry...nothing happens no matter what I do...no matter where I
click on the scroll down menus... I always get the message :

See /usr/share/doc/wireshark/README.urpmi

Is your id in the wireshark group? Don't forget to logout/in (or reboot) after for any group changes to take effect.

The other option is to run dumpcap as root and then run wireshark or
tshark to process the captured file.

Regards, Dave Hodgins

thanks, I added my id to the wireshark group and now it works..
:-)

--- MBSE BBS v1.0.8.6 (Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)