--- Begin Message ---
On Nov 5, 2020, at 1:04 AM, Vaughan Wickham wrote:
> Appreciate all the info that you have provided.
>
> Although it probably doesn't look like it from my questions; I did actually
> read some tutorials prior to posting my initial question; and none made
> reference to the need for:
> sudo setcap cap_net_raw,cap_net_admin+eip {your program}
>
> So I'm wondering if you can suggest some reading that I should review to
> understand the basics of using libpcap.

I suspect most, if not all, tutorials spend little if any time discussing the
platform-dependent permission issues with capturing traffic with libpcap; they
probably focus on "how to write code using libpcap", not "how to arrange that
your program have enough privileges to do something useful with libpcap".

The only discussions I can offer for the "permissions" issue are:

1) the "capture privileges" page of the Wireshark Wiki:

   https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges

   and, for your case, this particular subsection of that page:

   https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges#other-linux-based-systems-or-other-installation-methods

2) the main pcap man page:

   https://www.tcpdump.org/manpages/pcap.3pcap.html

   in the subsection that begins with "Reading packets from a network
   interface may require that you have special privileges:".

> Also, where can I find an overview of the key differences between version
> 1.5.3 and the current release?

There isn't one. In this *particular* case, the difference (which may have
been introduced before the current 1.9 version) is that pcap_findalldevs()
(atop which pcap_lookupdev() is built) checks for operability in older releases
and doesn't do so for newer releases. However, as noted, the permissions
required to open a device for capture do *not* differ (and *can't* differ -
it's a requirement imposed by the OS kernel) between older and newer versions.
--- End Message ---
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
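
Added example, not part of the original message and not libpcap or Wireshark code: a Linux-only check of the kernel-imposed requirement discussed above. It reads the process's effective capabilities and tries to open an AF_PACKET socket, the socket type libpcap's Linux capture path uses; the function and macro names are made up for this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_ADMIN_BIT 12 /* bit numbers from <linux/capability.h> */
#define CAP_NET_RAW_BIT 13

/* Parse a "CapEff:\t<hex>" line from /proc/<pid>/status; 0 on success. */
int parse_capeff(const char *line, unsigned long long *mask) {
    char *end;
    if (strncmp(line, "CapEff:", 7) != 0) return -1;
    errno = 0;
    *mask = strtoull(line + 7, &end, 16);
    return (errno != 0 || end == line + 7) ? -1 : 0;
}

int mask_has_cap(unsigned long long mask, int bit) { return (int)((mask >> bit) & 1); }

/* Effective capability set of the calling process; 0 on success. */
int read_own_capeff(unsigned long long *mask) {
    char line[256];
    int rc = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f)) rc = parse_capeff(line, mask);
    fclose(f);
    return rc;
}

/* Open and close an AF_PACKET socket: 0 if allowed, else errno
 * (EPERM when the process lacks CAP_NET_RAW). */
int probe_packet_socket(void) {
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void) {
    unsigned long long eff = 0;
    int err = probe_packet_socket();
    if (read_own_capeff(&eff) == 0)
        printf("cap_net_raw=%d cap_net_admin=%d\n",
               mask_has_cap(eff, CAP_NET_RAW_BIT), mask_has_cap(eff, CAP_NET_ADMIN_BIT));
    printf("AF_PACKET socket: %s\n", err ? strerror(err) : "ok");
    return err ? 1 : 0;
}
```

Running the built binary before and after the setcap command quoted above shows the probe result change while the linked libpcap version stays the same.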