On Nov 5, 2020, at 1:04 AM, Vaughan Wickham <v...@zen.net.au> wrote:

> Appreciate all the info that you have provided.
> Although it probably doesn't look like it from my questions; I did actually 
> read some tutorials prior to posting my initial question; and none made 
> reference to the need for:
> sudo setcap cap_net_raw,cap_net_admin+eip {your program} 
> So I'm wondering if you can suggest some reading that I should review to 
> understand the basics of using libpcap.

I suspect most, if not all, tutorials spend little if any time discussing the 
platform-dependent permission issues with capturing traffic with libpcap; they 
probably focus on "how to write code using libpcap", not "how to arrange that 
your program have enough privileges to do something useful with libpcap".

The only discussions I can offer for the "permissions" issue are:

        1) the "capture privileges" page of the Wireshark Wiki:


           and, for your case, this particular subsection of that page:


        2) the main pcap man page:


           in the subsection that begins with "Reading packets from a network 
interface may require that you have special privileges:".

> Also, where can I find an overview of the key differences between version 
> 1.5.3 and the current release?

There isn't one.  In this *particular* case, the difference (which may have 
been introduced before the current 1.9 version) is that pcap_findalldevs() 
(atop which pcap_lookupdev() is built) checks for operability in older releases 
and doesn't do so for newer releases.  However, as noted, the permissions 
required to open a device for capture do *not* differ (and *can't* differ - 
it's a requirement imposed by the OS kernel) between older and newer versions.

