Re: [WinPcap-users] I am getting socket: Operation not permitted error

[Guy Harris]

On Tue, Feb 25, 2003 at 02:02:41PM -0800, Jeff Wong wrote:
 When I try to execute the following command:
 pcapHandle = pcap_open_live(pcapDeviceName, BUFSIZ, 0, -1, pcapErrBuf);
 
 I am getting the error socket: Operation not permitted.
 Is this because I'm not executing as root?
 Is there a way to execute this command without being root?
 
 My device name is eth0.

On Linux, it might be; on Windows, it's not.

Are you talking about Linux, or Windows?

I suspect it's Linux, given the device name and the socket error;
WinPcap doesn't use sockets to capture, but libpcap on Linux does.

If you're talking about Linux (or any other UNIX variant), the right
list is [EMAIL PROTECTED]

 I noticed when I want to execute tcpdump I have to either sudo or run as root
 to execute this command.

(Except on systems using BPF, where you might be able to give yourself
read permission on the BPF devices if you can become root.  That can
sort of be made to work with DLPI devices on Solaris, except that, on at
least some versions of Solaris, you have to be root in order to run in
promiscuous mode.

In theory, on Linux - which is probably the OS you're discussing there,
given the device name eth0 - you could assign users capability bits to
let them do packet capture; however, there's no userland support for
that, as far as I know, so you can't put an entry in a file saying this
user has raw network capability.)

 Is this the case as well?

If this is Linux, or some other variant of UNIX, yes, it is the case
(modulo the items noted above).

If this is Windows, no, because does things differently.  (For one
thing, root is spelled Administrator.  :-))

The WinPcap FAQ discusses this:

http://winpcap.polito.it/misc/faq.htm#Q-7

Q-7: Do I need to be Administrator in order to execute programs based
on WinPcap on Windows NT/2000/XP?

A: Yes/no.  The security model of WinPcap is quite poor, and we plan to
work on it in the future.  At the moment, if you execute a WinPcap-based
application for the first time since the last reboot, you must be
administrator.  At the first execution, the driver will be dynamically
installed in the system, and from that moment every user will be able to
use WinPcap to sniff the packets.


==
 This is the WinPcap users list. It is archived at
 http://www.mail-archive.com/[EMAIL PROTECTED]/

 To unsubscribe use 
 mailto: [EMAIL PROTECTED]
==

RE: [WinPcap-users] I am getting socket: Operation not permitted error

[Fulvio Risso]

 -Original Message-
 From: Jeff Wong [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, February 25, 2003 23:03
 To: [EMAIL PROTECTED]
 Subject: [WinPcap-users] I am getting socket: Operation not permitted
 error
 
 
 When I try to execute the following command:
 pcapHandle = pcap_open_live(pcapDeviceName, BUFSIZ, 0, -1, pcapErrBuf);
 
 I am getting the error socket: Operation not permitted.
 Is this because I'm not executing as root?

yes.


 Is there a way to execute this command without being root?

The NPF driver should have been started before by someone else.

 
 My device name is eth0.

Are you sure that you're using a Win32 machine?
If not, are you sure this is the right mlist?

fulvio

 I noticed when I want to execute tcpdump I have to either sudo or 
 run as root
 to execute this command.  Is this the case as well?
 
 Thanks.
 Jeff
 
 
 
 ==
  This is the WinPcap users list. It is archived at
  http://www.mail-archive.com/[EMAIL PROTECTED]/
 
  To unsubscribe use 
  mailto: [EMAIL PROTECTED]
 ==


==
 This is the WinPcap users list. It is archived at
 http://www.mail-archive.com/[EMAIL PROTECTED]/

 To unsubscribe use 
 mailto: [EMAIL PROTECTED]
==