> On Wed, Mar 02, 2005 at 04:14:51PM -0500, Brian Kim wrote: > | Getting back to the problem at hand, is it required to be a superuser > | in order to listen to all traffic coming in on a NIC? (I've always
when binding to the NIC, yes. > | believed yes, but I'm just making sure here....) And is it possible to > | drop a NIC into promisc mode (as root) and leave it there? tcpdump can be run as a normal user. I use it all the time to review captures already on disk. However, you won't be able to bind to an interface as a normal user. That's the issue you'll be running into, regardless about the state of promisc mode. You'll need to read up on the bridging and tun/tap capabilities for the kernel. I've used them before, but it seems so infrequent, that I usually lapse memory how to do most of that. (and no, I don't intend to be exhaustive on the issues surrounding the question original asked. if you still have questions about the ethics and legalese of sniffing, be sure to ask.) I am stressing you use caution in this matter. Your attempts to weaken the security in place may or may not cost you now. I don't have any idea what the scope of your project or experiment is - but I hope it's not accessible to the public Internet... Good luck, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
