List: tcpdump-workers
Subject: Re: [tcpdump-workers] pcap_lookupdev returning NULL
From: Guy Harris via tcpdump-workers <tcpdump-workers () lists ! tcpdump ! org>
Date: 2020-11-05 9:20:21
Message-ID: mailman.51.1604568035.2098.tcpdump-workers () lists ! tcpdump ! org

On Nov 5, 2020, at 1:04 AM, Vaughan Wickham <vw@zen.net.au> wrote:

> Appreciate all the info that you have provided.
>
> Although it probably doesn't look like it from my questions; I did actually read
> some tutorials prior to posting my initial question; and none made reference to the
> need for: sudo setcap cap_net_raw,cap_net_admin+eip {your program}
>
> So I'm wondering if you can suggest some reading that I should review to understand
> the basics of using libpcap.

I suspect most, if not all, tutorials spend little if any time discussing the
platform-dependent permission issues with capturing traffic with libpcap; they
probably focus on "how to write code using libpcap", not "how to arrange that your
program have enough privileges to do something useful with libpcap".

The only discussions I can offer for the "permissions" issue are:

1) the "capture privileges" page of the Wireshark Wiki:

   https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges

and, for your case, this particular subsection of that page:

   https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges#other-linux-based-systems-or-other-installation-methods

2) the main pcap man page:

   https://www.tcpdump.org/manpages/pcap.3pcap.html

in the subsection that begins with "Reading packets from a network interface may
require that you have special privileges:".

> Also, where can I find an overview of the key differences between version 1.5.3 and
> the current release?

There isn't one. In this *particular* case, the difference (which may have been
introduced before the current 1.9 version) is that pcap_findalldevs() (atop which
pcap_lookupdev() is built) checks for operability in older releases and doesn't do so
for newer releases. However, as noted, the permissions required to open a device for
capture do *not* differ (and *can't* differ - it's a requirement imposed by the OS
kernel) between older and newer versions.
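
An added example, not part of the original message and not libpcap code: a Linux-only preflight check that a capture program could run before opening a device. It reads the effective capability mask from /proc/self/status and reports which of the two capabilities named in the quoted setcap command are missing. The function names are hypothetical; the bit numbers are those of CAP_NET_ADMIN and CAP_NET_RAW in <linux/capability.h>.

```c
/* Added example: preflight check of the effective capability set (Linux). */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define NET_ADMIN_BIT (1ULL << 12)   /* CAP_NET_ADMIN */
#define NET_RAW_BIT   (1ULL << 13)   /* CAP_NET_RAW */

/* Parse the hex mask on the "CapEff:" line of /proc/<pid>/status text.
 * Returns 0 on success, -1 if the line is absent or carries no hex value. */
int parse_cap_eff(const char *status, uint64_t *eff)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            p += 7;
            while (*p == ' ' || *p == '\t') p++;
            if (!isxdigit((unsigned char)*p)) return -1;
            *eff = strtoull(p, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');          /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Mask of the two capabilities that are missing, or -1 if status is unparsable. */
long missing_capture_caps(const char *status)
{
    uint64_t eff;
    if (parse_cap_eff(status, &eff) != 0) return -1;
    return (long)((NET_RAW_BIT | NET_ADMIN_BIT) & ~eff);
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    long miss = missing_capture_caps(buf);
    if (miss < 0) { fprintf(stderr, "no CapEff line found\n"); return 2; }
    if (miss & NET_RAW_BIT)   fprintf(stderr, "missing cap_net_raw\n");
    if (miss & NET_ADMIN_BIT) fprintf(stderr, "missing cap_net_admin\n");
    if (miss) fprintf(stderr, "try: sudo setcap cap_net_raw,cap_net_admin+eip <your program>\n");
    return miss ? 1 : 0;
}
```

A process running as root normally has both bits set, so the check passes there as well; it does not replace checking the error returned when the device is actually opened.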