On Feb 5, 2014, at 2:10 AM, Hei Chan <structurech...@yahoo.com> wrote:

> I am new to libpcap, and I am trying to use the following to get the list of 
> network devices available to libpcap by calling pcap_findalldevs().
> 
> Manpage mentions, "there may be network devices that cannot be opened by
> the process calling pcap_findalldevs(3), because, for example, that process
> does not have sufficient privileges to open them for capturing; if so, those
> devices will not appear on the list".
> 
> What does "sufficient privileges" mean?

That depends on the OS.  Root privileges are *probably* sufficient, but are not 
always necessary.  See the part of the pcap(3PCAP) man page:

        http://www.tcpdump.org/manpages/pcap.3pcap.html

that begins with "Reading packets from a network interface may require that you 
have special privileges:" for OS-dependent information.

> If I run the process as sudoer, it sounds like there shouldn't be any 
> privilege issue.  What else will prevent pcap_findalldevs() from returning a 
> network device on the list?

The network device not actually supporting packet capture?  For example, the 
loopback device doesn't support packet capture on Solaris prior to Solaris 11.

Some other issues might prevent it; what happens if, with sufficient 
privileges, you try to open one of the devices that you think should be there 
but isn't there?  In particular, if the attempt to open the device fails, 
what's the error message returned by libpcap?

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
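
The check suggested in the reply, narrowed to Linux as an added example (not code from the thread or from libpcap). On Linux, libpcap captures through an AF_PACKET socket, so opening and binding one directly separates "the process lacks CAP_NET_RAW" from "the device is not there". The enum and function names are this example's own.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum probe_result { PROBE_OK, PROBE_NO_DEVICE, PROBE_NO_PRIVILEGE, PROBE_OTHER };

/* Map an errno from socket()/bind() onto the two questions in the thread. */
enum probe_result classify_errno(int err)
{
    switch (err) {
    case 0:      return PROBE_OK;
    case EPERM: case EACCES: return PROBE_NO_PRIVILEGE; /* no CAP_NET_RAW, see packet(7) */
    case ENODEV: return PROBE_NO_DEVICE;
    default:     return PROBE_OTHER;        /* anything else: report strerror */
    }
}

/* Open a packet socket and bind it to ifname; *err receives the errno. */
enum probe_result probe_interface(const char *ifname, int *err)
{
    unsigned int idx = if_nametoindex(ifname);
    *err = 0;
    if (idx == 0) { *err = ENODEV; return PROBE_NO_DEVICE; }
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) { *err = errno; return classify_errno(*err); }
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
        .sll_protocol = htons(ETH_P_ALL), .sll_ifindex = (int)idx };
    if (bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0)
        *err = errno;
    close(fd);
    return classify_errno(*err);
}

int main(void)
{
    struct if_nameindex *list = if_nameindex();
    for (struct if_nameindex *i = list; i && i->if_index != 0; i++) {
        int err;
        enum probe_result r = probe_interface(i->if_name, &err);
        printf("%-16s %s\n", i->if_name, r == PROBE_OK ? "ok" : strerror(err));
    }
    if (list) if_freenameindex(list);
    return 0;
}
```

Run it once as the unprivileged user and once under sudo: an interface that reports "Operation not permitted" only in the first run is a privilege problem, while one that fails both times points at the device itself.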
