Hello,

The INSTALL file says:

    In order to run the toolkit as a normal user, set the following privilege
    separation after the build/installation:

    $ sudo setcap cap_net_raw,cap_ipc_lock,cap_net_admin=eip {toolname}

So I ran the following:

    sudo setcap cap_net_raw,cap_ipc_lock,cap_net_admin=eip /usr/sbin/netsniff-ng

I'm then able to sniff as a non-root user using something like:

    netsniff-ng -i eth0

However, if I try to write to disk using something like:

    netsniff-ng -i eth0 -o /tmp

I get the following error:

    Failed to set io prio for pid!

I see that there is a priority option (which I haven't enabled):

    -H|--prio-high Make this high priority process

Does netsniff-ng try to change the priority by default when writing to disk?
Is this a bug, or do I need to alter my setcap command?

Thanks,
--
Doug Burks
http://securityonion.blogspot.com