[tcpdump-workers]

["Jeremy Sheldon" <jeremy_sheldon () hotmail com>]

hello, i'm writing a little program.  this program attempts to monitor the 
linux system (via /proc) to discover if certain specified programs are 
running (just for the logged in user).  if they are, the program then 
attempts to discover if they have any external connections.

for tcp this is easy.  i just use /proc and some netstat code to discover 
the remote address.  however, for udp they are sometimes these "unconnected" 
connections.  so, i'd like the program to sniff a few packets on the udp 
source port gathered and determine the remote IP/port.

naturally, my first thought was libpcap.  i whipped up a quick little 
sniffer that grabs a couple packets and BAM.  it works great... as long as 
you're root.  well, this program shouldn't need root access.

does anyone have suggestions for either 1. how to determine the remote 
ip/port for the udp connection without using the libpcap "sniffer" 
technique?

or 2. how to use libpcap without require the program to run with root 
privlidges?

thank you.
sheldon


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.