Re: pcap_findalldevs

[Guy Harris <guy () alum mit edu>]

On Feb 5, 2014, at 2:10 AM, Hei Chan <structurechart () yahoo com> wrote:

> I am new to libpcap, and I am trying to use the following to get the list of network devices available to libpcap by 
> calling pcap_findalldevs().
>
> Manpage mentions, "there may be network devices that cannot be  opened  by  the process  calling pcap_findalldevs(3), 
> because, for example, that process does not have sufficient privileges to open them for capturing; if  so, those 
> devices will not appear on the list".
>
> What does "sufficient privileges" mean?

That depends on the OS.  Root privileges are *probably* sufficient, but are not always necessary.  See the part of the 
pcap(3PCAP) man page:

        http://www.tcpdump.org/manpages/pcap.3pcap.html

that begins with "Reading packets from a network interface may require that you have special privileges:" for 
OS-dependent information.

> If I run the process as sudoer, it sounds like there shouldn't be any privilege issue.  What else will prevent 
> pcap_findalldevs() from returning a network device on the list?

The network device not actually supporting packet capture?  For example, the loopback device doesn't support packet 
capture on Solaris prior to Solaris 11.

Some other issues might prevent it; what happens if, with sufficient privileges, you try to open one of the devices 
that you think should be there but isn't there?  In particular, if the attempt to open the device fails, what's the 
error message returned by libpcap?

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers