tcpdump mailing list archives

Re: pcap_lookupdev returning NULL


From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Thu, 5 Nov 2020 01:20:21 -0800

--- Begin Message ---
From: Guy Harris <gharris () sonic net>
Date: Thu, 5 Nov 2020 01:20:21 -0800

On Nov 5, 2020, at 1:04 AM, Vaughan Wickham <vw () zen net au> wrote:

> Appreciate all the info that you have provided.
>
> Although it probably doesn't look like it from my questions, I did actually read some tutorials prior to posting my initial question, and none made reference to the need for:
> sudo setcap cap_net_raw,cap_net_admin+eip {your program}
>
> So I'm wondering if you can suggest some reading that I should review to understand the basics of using libpcap.

I suspect most, if not all, tutorials spend little if any time discussing the platform-dependent permission issues with capturing traffic with libpcap; they probably focus on "how to write code using libpcap", not "how to arrange that your program have enough privileges to do something useful with libpcap".

The only discussions I can offer for the "permissions" issue are:

        1) the "capture privileges" page of the Wireshark Wiki:

                https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges

           and, for your case, this particular subsection of that page:

                https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges#other-linux-based-systems-or-other-installation-methods

        2) the main pcap man page:

                https://www.tcpdump.org/manpages/pcap.3pcap.html

           in the subsection that begins with "Reading packets from a network interface may require that you have special privileges:".

> Also, where can I find an overview of the key differences between version 1.5.3 and the current release?

There isn't one.  In this *particular* case, the difference (which may have been introduced before the current 1.9 version) is that pcap_findalldevs() (atop which pcap_lookupdev() is built) checks for operability in older releases and doesn't do so for newer releases.  However, as noted, the permissions required to open a device for capture do *not* differ (and *can't* differ - it's a requirement imposed by the OS kernel) between older and newer versions.

--- End Message ---
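
As an added example (not part of the original message and not libpcap code), a Linux program can check before opening a capture device whether it holds the two capabilities named in the setcap command quoted above, by decoding the CapEff mask in /proc/self/status. The function names and the sample status text are constructed for illustration; the bit numbers are those of CAP_NET_ADMIN and CAP_NET_RAW in <linux/capability.h>.

```c
/* Added example (not libpcap code): decode the Linux CapEff mask to see
 * whether a process holds the capabilities granted by the setcap command. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NEED_NET_ADMIN (1ULL << 12) /* CAP_NET_ADMIN in <linux/capability.h> */
#define NEED_NET_RAW   (1ULL << 13) /* CAP_NET_RAW */

/* Constructed samples of /proc/<pid>/status excerpts. */
static const char SAMPLE_UNPRIV[] = "Name:\tcapdemo\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
static const char SAMPLE_SETCAP[] = "Name:\tcapdemo\nCapPrm:\t0000000000003000\nCapEff:\t0000000000003000\n";

/* Returns a bitmask of missing capabilities (1 = cap_net_admin,
 * 2 = cap_net_raw), 0 if both are effective, -1 if CapEff is absent. */
int missing_capture_caps(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    if (p == NULL || (p != status_text && p[-1] != '\n'))
        return -1;
    p += strlen("CapEff:");
    while (*p == ' ' || *p == '\t')
        p++;
    if (!isxdigit((unsigned char)*p))
        return -1; /* empty value: do not let strtoull run into the next line */
    unsigned long long eff = strtoull(p, NULL, 16);
    return ((eff & NEED_NET_ADMIN) ? 0 : 1) | ((eff & NEED_NET_RAW) ? 0 : 2);
}

/* Same check against the running process; -1 off Linux or on read failure. */
int missing_capture_caps_self(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return missing_capture_caps(buf);
}

int main(void)
{
    int m = missing_capture_caps_self();
    if (m > 0)
        fprintf(stderr, "missing:%s%s; capture opens are likely to fail\n",
                (m & 1) ? " cap_net_admin" : "", (m & 2) ? " cap_net_raw" : "");
    return m == 0 ? 0 : 1;
}
```

Reporting the missing capability by name gives the user a more actionable message than a bare NULL from a device lookup.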