--- Begin Message ---
On Nov 4, 2020, at 9:18 PM, Vaughan Wickham <v...@zen.net.au> wrote:

> Version: libpcap version 1.5.3

That's an older version (CentOS, proudly trailing-edge!), and only returns 
interfaces that the program can open.

Capturing on Linux generally requires, at minimum, the CAP_NET_RAW privilege, 
and finding devices might also require CAP_NET_ADMIN; root privilege will also 
work.  As such, you program will, by default, not be able to open *any* capture 
device, so:

        1) if you were using a sufficiently more recent of libpcap, which 
return interfaces that the program doesn't have sufficient privileges to open 
(so that the user gets a "permission denied" error when trying to capture, 
which is somewhat clear about the underlying problem, rather than just not 
seeing any devices), you'd get "eth0" but then you'd get an error trying to 
open it (presumably that's why you're calling pcap_lookupdev());

        2) you need to give your program sufficient privileges.

So try doing

        sudo setcap cap_net_raw,cap_net_admin+eip {your program}

and then running the program.  ("cap_net_admin" might not be necessary with 

--- End Message ---
tcpdump-workers mailing list

Reply via email to