Wireshark and Locked Password


#1

Briefly describe your issue below:


What version of Parrot are you running? (4.4, home edition, and AMDx54)

What method did you use to install Parrot? (Debian GTK )

Configured to multiboot with other systems? ( no)

If there are any similar issues or solutions, link to them below:

If there are any error messages or relevant logs, post them below:

Installed Wireshark, during installation it asks if you want it to allow non administrative users. I selected yes. Upon running the program, I got an error message that said ‘cannot lock password, try again later’. So I rebooted, did some dishes and tried again. Same same. Out of curiosity, I ran it through root terminal. I got an error message, but it worked. I monitored for a while, then shut the program down. I didn’t like getting error messages, especially at root, so I tried to change it to not allow non administrative users. (sudo dpkg-reconfigure wireshark-common) The process seemed to work, but now it won’t run in either terminal. I uninstalled Wireshark, and related packages. Before I reinstall I would like to try to find some help on the locked password. I still have a .pwd.lock in /etc. Also a passwd, passwd-, shadow, and shadow-. No other lock files, but both of the shadow files have an x in the top right of the icon. I’ve found a couple different opinions on how to fix this, but since I’m messing with my entire user profile, I think I better get it right. I have changed my password by the way. Any ideas would be appreciated.


#2

Anyway, I didn’t like all the errors in my dpkg.log, so I reformatted. Right off the bat, there is the pwd.lock. I don’t know, maybe it’s supposed to be there, and that’s not the issue. I’m out of DVDs, so I used the Parrot 4.3 disc, and upgraded. During the upgrade installation I came across this error:

Preparing to unpack …/080-cryptsetup-run_2%3a2.0.5-1parrot1_amd64.deb …
debconf: unable to initialize frontend: Gnome
debconf: (Can’t locate Gtk3.pm in @INC (you may need to install the Gtk3 module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.0 /usr/local/share/perl/5.28.0 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/share/perl5/Debconf/FrontEnd/Gnome.pm line 151.)
debconf: falling back to frontend: Dialog
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline

This error occurs in 7 other places.

Don’t know if that has anything to do with it or not. I get a gtk error when I try to run anon surf also.


(Nico Paul) #3

Did you read the Lua message it gave?


#4

There were no other error messages given, I just copied this out of the installation log. As for the error message when starting Wireshark? I had it on a LibreOffice pad, but I can’t find it.


(D) #5

I am not well versed in the problems that you are experiencing, but I do have a resolution for your DVD problem. Buy an 8 GB or larger USB thumb drive, and use Etcher to “burn” it, I use it w/o any problems. Very simple interface to use, and I have been using it to load ParrotSec since 3.3.
Hope it helps!
(Hopefully I’m not violating any community rules by promoting this)


#6

I actually tried Etcher a few times, and couldn’t get it to work. I know it’s recommended on the Parrot site. I did find Gnome Multiwriter in the repository. It worked to burn to the USB, and the USB burned it to my hard drive without any problems. Or any different problems. But thanks, I may try it again.


(D) #7

I will have to check out Gnome Multiwriter, I am not familiar with it. Thanks for the info!


(Nico Paul) #8

I’ll have to check that out! It’d be great to have a Gnome native writer like Etcher on the docs list.


#9

By the way, the Lua error message was:

Lua: Error during loading:

/usr/share/wireshark/init.lua:32: dofile has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user

If I install it to run in user mode, I get no errors, but no connection to my wireless interface either. If I run it sudo, then it works, but I get the Lua error. If I install it to NOT run for non administrative users, I get the same error, but it runs. So, there’s a glitch in there somewhere, but it runs.


(Nico Paul) #10

Did you read the file it said to? You should have changed one of those values, right?


#11

Yes. I have tried it both ways, but under the rules in the link for Debian specific instructions, I selected , to use Wireshark as a non administrative user. Then ran <sudo usermod -a -G wireshark {username}> to add myself to the group. But had the same problem. But I keep forgetting that I have problems when I reboot. Lose my wifi, etc. I have to shut down and restart, probably a BIOS problem. Anyway, working now, with no Lua errors, but after I close it, there are some errors in the terminal:

Reading profile /etc/firejail/wireshark.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 4394, child pid 4395
Blacklist violations are logged to syslog
Child process initialized in 70.28 ms
libGL error: MESA-LOADER: failed to retrieve device information
libGL error: Version 4 or later of flush extension not found
libGL error: failed to load driver: i915
libGL error: failed to open drm device: No such file or directory
libGL error: failed to load driver: i965

But perhaps that is for another day. If anyone wants to mark this solved and close it, I’m good with that. Thanks for the input.


(Nico Paul) #12

That’s not what the file said to do though, you’re supposed to change the false to true for the Lua packages. Why do you have so many errors? I think you may be rushing things a bit and maybe not reading the logs carefully.


#13

From: https://wiki.wireshark.org/Security

Protect Yourself!

There are some things you can do:

  • Always update to the latest Wireshark version available as bugs are fixed frequently. You can join the announce mailing list to stay informed about new versions.
  • **Don’t run Wireshark as root/Administrator!** See CaptureSetup/CapturePrivileges for details how to do so.
  • Analyze capture files in an uncritical environment. You may create a special (limited) user account or even use a dedicated machine for this task.

I guess the “Don’t run Wireshark as a Root/Administrator” has been my top priority. And on the:

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=debian/README.Debian;hb=HEAD

It says:

I./a. Installing dumpcap without allowing non-root users to capture packets

Only root user will be able to capture packets. It is advised to capture
packets with the bundled dumpcap program as root and then run
Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]
This is the default on Debian systems; it is selected by answering
“No” to the question mentioned above.

I./b. Installing dumpcap and allowing non-root users to capture packets

Members of the wireshark group will be able to capture packets on network
interfaces. This is the preferred way of installation if Wireshark/Tshark
will be used for capturing and displaying packets at the same time, since
that way only the dumpcap process has to be run with elevated privileges
thanks to the privilege separation[1].

  This is selected by answering "<Yes>" to the question mentioned
  above.

Note that no user will be added to group wireshark automatically;
a system administrator has to add them manually, using the usermod
command:

sudo usermod -a -G wireshark {username}

To me there seems to be a conflict in the instructions on which is the safest way to run Wireshark. Still working on the logs
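
Added example, not part of the original thread or of Wireshark's packaging: a shell check for the "I./b." setup quoted in post #13, reporting which step of it is missing for the current login. It assumes dumpcap is at /usr/bin/dumpcap, the group is named wireshark, and dumpcap gets its capture privileges as the file capabilities cap_net_raw and cap_net_admin; the function names and verdict strings are made up for this example.

```sh
#!/bin/sh
# Added example: verdicts for the README.Debian "I./b." setup.
# Assumed defaults (not taken from the thread): dumpcap path and group name.
DUMPCAP=${DUMPCAP:-/usr/bin/dumpcap}
GROUP=${GROUP:-wireshark}

# members_of GROUP_LINE: print the member list of one /etc/group line,
# e.g. "wireshark:x:127:alice,bob" -> "alice bob"
members_of() {
    printf '%s\n' "${1##*:}" | tr ',' ' '
}

# has_word LIST WORD: succeed if WORD is an item of the space-separated LIST
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# caps_ok GETCAP_OUTPUT: succeed if both capture capabilities are listed
caps_ok() {
    case $1 in *cap_net_raw*) ;; *) return 1 ;; esac
    case $1 in *cap_net_admin*) ;; *) return 1 ;; esac
}

# diagnose USER DB_MEMBERS SESSION_GROUPS GETCAP_OUTPUT UID: print one verdict
diagnose() {
    if [ "$5" -eq 0 ]; then
        echo running-as-root      # the GUI should run as an ordinary user
    elif ! caps_ok "$4"; then
        echo no-capabilities      # dumpcap cannot capture for non-root users
    elif ! has_word "$2" "$1"; then
        echo not-in-group         # usermod -a -G has not been run for USER
    elif ! has_word "$3" "$GROUP"; then
        echo relogin-needed       # group is in /etc/group but not in this session
    else
        echo ok
    fi
}

# check_system: gather the real values and print the verdict for this login
check_system() {
    PATH=$PATH:/sbin:/usr/sbin    # getcap is often outside a user's PATH
    line=$(grep "^$GROUP:" /etc/group 2>/dev/null || true)
    caps=$(getcap "$DUMPCAP" 2>/dev/null || true)
    diagnose "$(id -un 2>/dev/null)" "$(members_of "$line")" \
        "$(id -Gn 2>/dev/null)" "$caps" "$(id -u)"
}
check_system
```

Group membership added with usermod only reaches sessions started after the change, which is the case the relogin-needed verdict reports.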


(Nico Paul) #14

You could do both. I guess it depends what you’re analyzing and where/when. Did you set up a separate account or machine for it then? Safe is a very charged word here, more aimed at instilling more separation practices than anything in my opinion, which is what Parrot does for the most part by itself. I do not run as a separate user but maybe someone will list a good reason that I should be aside from what was mentioned previously.


#15

No, I added my username to “group Wireshark”. It runs in regular terminal, only errors are those listed above, from the terminal, after I close Wireshark. I have yet to find anything about it in syslog or any other log. But still researching. There is some kind of disconnect between my actual internet connection, and what is displayed in my network manager applet. It still shows DNS as my ISP. But resolve.conf and Wireshark show Parrot DNS. Perhaps that’s part of the problem.