On Fri, Jun 22, 2001 at 01:54:55AM -0700, Manan Sanghi wrote:
> I wish to run tcpdump on a remote machine for which I
> don't have root access. When I tried to run the
> program I got the following error message:
> 
> tcpdump: socket: Operation not permitted
> 
> What can I do (or request someone with the root
> permissions to do) so that I may run tcpdump there
> without worrying about any security problems?

Have them install "sudo":

        http://www.courtesan.com/sudo/

if it's not already installed (or part of the OS), and have them
configure it to allow you to run tcpdump as root.

(I do not guarantee that this is sufficient to avoid all security
problems.  For one thing, it would allow you to sniff for passwords,
which they may not want to allow.)

The OS in question is almost certainly either Linux or Irix; on no other
OS I know of does libpcap use sockets for capturing.

Linux systems with a 2.2 kernel or later have a mechanism to allow
ordinary users to do packet captures; however, that mechanism requires
that the user's processes have the CAP_NET_RAW capability, and I don't
know of any Linux distributions that have userland support for giving
particular accounts particular capabilities, so you will almost
certainly have to run tcpdump as root on a Linux system.

I don't know whether Irix requires you to be root to open a
SOCK_RAW/RAWPROTO_SNOOP socket (if you're running on Irix, presumably it
does), nor do I know whether there's any way to grant non-root users the
ability to do that, so you will almost certainly have to run tcpdump as
root on Irix.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
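
An added example, not part of the original message: a small Linux diagnostic for the "socket: Operation not permitted" error discussed above, which checks the process's effective capability mask for CAP_NET_RAW and then tries to open a capture-style socket. The function names are hypothetical, and the use of an AF_PACKET/SOCK_RAW socket as the capture socket type is an assumption.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* CAP_NET_RAW in <linux/capability.h> */

/* 1 if a CapEff hex mask has CAP_NET_RAW set, 0 if not, -1 if unparsable. */
int mask_has_net_raw(const char *hex) {
    char *end;
    unsigned long long mask = strtoull(hex, &end, 16);
    if (end == hex)
        return -1;
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Same check against this process's CapEff line in /proc/self/status. */
int self_has_net_raw(void) {
    char line[256];
    int result = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    while (result < 0 && fgets(line, sizeof line, f) != NULL)
        if (strncmp(line, "CapEff:", 7) == 0)
            result = mask_has_net_raw(line + 7);
    fclose(f);
    return result;
}

/* Open a packet socket (assumed capture socket type); 0 on success, else errno. */
int try_packet_socket(void) {
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void) {
    int err = try_packet_socket();
    printf("euid=%d CAP_NET_RAW=%d socket: %s\n", (int)geteuid(),
           self_has_net_raw(), err ? strerror(err) : "ok");
    return err ? 1 : 0;
}
```

Run as an ordinary user it should report CAP_NET_RAW=0 and the same "Operation not permitted" text; run through sudo it shows the capability present and the socket opening.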