tcpdump mailing list archives

Re: non-root pcap capture under Linux

From: Luca Bruno <lucab () debian org>
Date: Fri, 9 Apr 2010 20:20:39 +0200

amnon cohen scrisse:

Hi,
Is there anyway to capture packets without being root on Linux.
The docs imply that we running with CAP_NET_RAW will do the trick.
Has anyone managed to get this to work?
I got stuck when trying to add CAP_NET_RAW to the executable


# setcap cap_net_raw my_sniffer_program
fatal error: Invalid argument
usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>)
<filenameN> ]


You are missing declaration of modes for that capability.
You'd probably want to do something like
`setcap cap_net_raw,cap_net_admin=eip your_sniffer`

see `man 3 cap_from_text` for full details.

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`                          | GPG Key ID: 3BFB9FB3
  `-     http://www.debian.org  | Debian GNU/Linux Developer

Attachment: _bin
Description:

Current thread:

non-root pcap capture under Linux amnon cohen (Apr 09)
- Re: non-root pcap capture under Linux Luca Bruno (Apr 09)
- Re: non-root pcap capture under Linux Gerald Combs (Apr 09)