Re: [tcpdump-workers] pcap_lookupdev returning NULL

2020-11-05 Thread Guy Harris via tcpdump-workers
--- Begin Message ---
On Nov 5, 2020, at 1:04 AM, Vaughan Wickham wrote:

> Appreciate all the info that you have provided.
> 
> Although it probably doesn't look like it from my questions; I did actually 
> read some tutorials prior to posting my initial question; and none made 
> reference to the need for:
> sudo setcap cap_net_raw,cap_net_admin+eip {your program} 
> 
> So I'm wondering if you can suggest some reading that I should review to 
> understand the basics of using libpcap.

I suspect most, if not all, tutorials spend little if any time discussing the 
platform-dependent permission issues with capturing traffic with libpcap; they 
probably focus on "how to write code using libpcap", not "how to arrange that 
your program have enough privileges to do something useful with libpcap".

The only discussions I can offer for the "permissions" issue are:

1) the "capture privileges" page of the Wireshark Wiki:


https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges

   and, for your case, this particular subsection of that page:


https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges#other-linux-based-systems-or-other-installation-methods

2) the main pcap man page:

https://www.tcpdump.org/manpages/pcap.3pcap.html

   in the subsection that begins with "Reading packets from a network 
interface may require that you have special privileges:".

> Also, where can I find an overview of the key differences between version 
> 1.5.3 and the current release?

There isn't one.  In this *particular* case, the difference (which may have 
been introduced before the current 1.9 version) is that pcap_findalldevs() 
(atop which pcap_lookupdev() is built) checks for operability in older releases 
and doesn't do so for newer releases.  However, as noted, the permissions 
required to open a device for capture do *not* differ (and *can't* differ - 
it's a requirement imposed by the OS kernel) between older and newer versions.
--- End Message ---
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
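
Added example (not part of the original messages and not libpcap code): a Linux-only preflight check a capture program could run before calling libpcap, reporting whether the two capabilities named in the setcap command above are in its effective set. The function names and the /proc/self/status approach are choices made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Capability bit numbers as defined in <linux/capability.h>. */
#define BIT_NET_ADMIN 12
#define BIT_NET_RAW   13

/* If `line` is the CapEff line of /proc/<pid>/status, store its mask, return 1. */
static int parse_capeff_line(const char *line, unsigned long long *mask)
{
    char *end;
    if (strncmp(line, "CapEff:", 7) != 0)
        return 0;
    *mask = strtoull(line + 7, &end, 16);
    return end != line + 7;   /* 0 if no hex digits followed the label */
}

/* 0 = both present; bit 0 set = cap_net_raw missing; bit 1 = cap_net_admin missing. */
static int missing_capture_caps(unsigned long long eff)
{
    return (!(eff & (1ULL << BIT_NET_RAW)) ? 1 : 0) |
           (!(eff & (1ULL << BIT_NET_ADMIN)) ? 2 : 0);
}

/* Read this process's effective capability mask; -1 if it cannot be read. */
static int read_effective_caps(unsigned long long *mask)
{
    char line[256];
    int found = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (!found && fgets(line, sizeof line, f))
        found = parse_capeff_line(line, mask);
    fclose(f);
    return found ? 0 : -1;
}

int main(void)
{
    unsigned long long eff;
    if (read_effective_caps(&eff) != 0) {
        fprintf(stderr, "cannot read CapEff from /proc/self/status\n");
        return 2;
    }
    int missing = missing_capture_caps(eff);
    if (missing & 1) fprintf(stderr, "cap_net_raw is not in the effective set\n");
    if (missing & 2) fprintf(stderr, "cap_net_admin is not in the effective set\n");
    return missing ? 1 : 0;
}
```

Run as root, the check passes because every capability bit is set; run from a binary without file capabilities as an ordinary user, it reports both as missing.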


Re: [tcpdump-workers] pcap_lookupdev returning NULL

2020-11-05 Thread Vaughan Wickham via tcpdump-workers
--- Begin Message ---
Hello Guy,

Appreciate all the info that you have provided.

Although it probably doesn't look like it from my questions; I did actually 
read some tutorials prior to posting my initial question; and none made 
reference to the need for:
sudo setcap cap_net_raw,cap_net_admin+eip {your program} 

So I'm wondering if you can suggest some reading that I should review to 
understand the basics of using libpcap.

Also, where can I find an overview of the key differences between version 1.5.3 
and the current release?

Regards,
Vaughan
--- End Message ---