List:       tcpdump-workers
Subject:    Re: [tcpdump-workers] pcap_lookupdev returning NULL
From:       Guy Harris via tcpdump-workers <tcpdump-workers () lists ! tcpdump ! org>
Date:       2020-11-05 9:20:21
Message-ID: mailman.51.1604568035.2098.tcpdump-workers () lists ! tcpdump ! org

On Nov 5, 2020, at 1:04 AM, Vaughan Wickham <vw@zen.net.au> wrote:

> Appreciate all the info that you have provided.
> 
> Although it probably doesn't look like it from my questions; I did actually read
> some tutorials prior to posting my initial question; and none made reference to the
> need for: sudo setcap cap_net_raw,cap_net_admin+eip {your program}
> 
> So I'm wondering if you can suggest some reading that I should review to understand
> the basics of using libpcap.

I suspect most, if not all, tutorials spend little if any time discussing the
platform-dependent permission issues with capturing traffic with libpcap; they
probably focus on "how to write code using libpcap", not "how to arrange that your
program have enough privileges to do something useful with libpcap".

The only discussions I can offer for the "permissions" issue are:

	1) the "capture privileges" page of the Wireshark Wiki:

		https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges

	   and, for your case, this particular subsection of that page:

		https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges#other-linux-based-systems-or-other-installation-methods


	2) the main pcap man page:

		https://www.tcpdump.org/manpages/pcap.3pcap.html

	   in the subsection that begins with "Reading packets from a network interface may require that you have special privileges:".

> Also, where can I find an overview of the key differences between version 1.5.3 and
> the current release?

There isn't one.  In this *particular* case, the difference (which may have been
introduced before the current 1.9 version) is that pcap_findalldevs() (atop which
pcap_lookupdev() is built) checks for operability in older releases and doesn't do so
for newer releases.  However, as noted, the permissions required to open a device for
capture do *not* differ (and *can't* differ - it's a requirement imposed by the OS
kernel) between older and newer versions.
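
Added example, not part of the original message and not libpcap code: a Linux-only preflight check a capture program could run to report whether the two capabilities named in the setcap command above are in its effective set, instead of failing with an unexplained NULL or open error. The function name, the MISSING_* flags and the sample status text are constructed for illustration; the bit numbers are those of CAP_NET_ADMIN and CAP_NET_RAW in <linux/capability.h>.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers from <linux/capability.h>. */
#define CAP_NET_ADMIN_BIT 12
#define CAP_NET_RAW_BIT   13
/* Hypothetical result flags for this example. */
#define MISSING_NET_RAW   1
#define MISSING_NET_ADMIN 2

/* Constructed /proc/<pid>/status excerpts (not real captures). */
const char SAMPLE_UNPRIV[] = "Name:\tmycap\nCapEff:\t0000000000000000\nCapBnd:\t000001ffffffffff\n";
const char SAMPLE_SETCAP[] = "Name:\tmycap\nCapEff:\t0000000000003000\nCapBnd:\t000001ffffffffff\n";

/* Returns -1 if there is no usable CapEff line, else a mask of MISSING_* flags. */
int missing_caps_from_status(const char *text)
{
    const char *p = text;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, "CapEff:", 7) == 0) {
            p += 7;
            while (*p == ' ' || *p == '\t') p++;   /* stay on this line */
            if (!isxdigit((unsigned char)*p)) return -1;
            unsigned long long eff = strtoull(p, NULL, 16);
            int missing = 0;
            if (!(eff & (1ULL << CAP_NET_RAW_BIT)))   missing |= MISSING_NET_RAW;
            if (!(eff & (1ULL << CAP_NET_ADMIN_BIT))) missing |= MISSING_NET_ADMIN;
            return missing;
        }
        p = strchr(p, '\n');          /* advance to the next line */
        if (p != NULL) p++;
    }
    return -1;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    int missing = missing_caps_from_status(buf);
    if (missing < 0) { fprintf(stderr, "no CapEff line found\n"); return 2; }
    if (missing & MISSING_NET_RAW)   fprintf(stderr, "CAP_NET_RAW is not effective\n");
    if (missing & MISSING_NET_ADMIN) fprintf(stderr, "CAP_NET_ADMIN is not effective\n");
    if (missing == 0) puts("capture capabilities are effective");
    return missing ? 1 : 0;
}
```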

