On Feb 5, 2014, at 2:10 AM, Hei Chan <structurech...@yahoo.com> wrote:
> I am new to libpcap, and I am trying to use the following to get the list of > network devices available to libpcap by calling pcap_findalldevs(). > > Manpage mentions, "there may be network devices that cannot be opened by > the process calling pcap_findalldevs(3), because, for example, that process > does not have sufficient privileges to open them for capturing; if so, those > devices will not appear on the list". > > What does "sufficient privileges" mean? That depends on the OS. Root privileges are *probably* sufficient, but are not always necessary. See the part of the pcap(3PCAP) man page: http://www.tcpdump.org/manpages/pcap.3pcap.html that begins with "Reading packets from a network interface may require that you have special privileges:" for OS-dependent information. > If I run the process as sudoer, it sounds like there shouldn't be any > privilege issue. What else will prevent pcap_findalldevs() from returning a > network device on the list? The network device not actually supporting packet capture? For example, the loopback device doesn't support packet capture on Solaris prior to Solaris 11. Some other issues might prevent it; what happens if, with sufficient privileges, you try to open one of the devices that you think should be there but isn't there? In particular, if the attempt to open the device fails, what's the error message returned by libpcap? _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers