hello, i'm writing a little program. this program attempts to monitor the
linux system (via /proc) to discover if certain specified programs are
running (just for the logged in user). if they are, the program then
attempts to discover if they have any external connections.
for tcp this is easy. i just use /proc and some netstat code to discover
the remote address. however, for udp they are sometimes these "unconnected"
connections. so, i'd like the program to sniff a few packets on the udp
source port gathered and determine the remote IP/port.
naturally, my first thought was libpcap. i whipped up a quick little
sniffer that grabs a couple packets and BAM. it works great... as long as
you're root. well, this program shouldn't need root access.
does anyone have suggestions for either 1. how to determine the remote
ip/port for the udp connection without using the libpcap "sniffer"
technique?
or 2. how to use libpcap without require the program to run with root
privlidges?
thank you.
sheldon
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
