tcpdump mailing list archives
Re: pcap_findalldevs
From: Guy Harris <guy () alum mit edu>
Date: Wed, 5 Feb 2014 02:28:02 -0800
On Feb 5, 2014, at 2:10 AM, Hei Chan <structurechart () yahoo com> wrote:
I am new to libpcap, and I am trying to use the following to get the list of network devices available to libpcap by calling pcap_findalldevs(). Manpage mentions, "there may be network devices that cannot be opened by the process calling pcap_findalldevs(3), because, for example, that process does not have sufficient privileges to open them for capturing; if so, those devices will not appear on the list". What does "sufficient privileges" mean?
That depends on the OS. Root privileges are *probably* sufficient, but are not always necessary. See the part of the pcap(3PCAP) man page: http://www.tcpdump.org/manpages/pcap.3pcap.html that begins with "Reading packets from a network interface may require that you have special privileges:" for OS-dependent information.
If I run the process as sudoer, it sounds like there shouldn't be any privilege issue. What else will prevent pcap_findalldevs() from returning a network device on the list?
The network device not actually supporting packet capture? For example, the loopback device doesn't support packet capture on Solaris prior to Solaris 11. Some other issues might prevent it; what happens if, with sufficient privileges, you try to open one of the devices that you think should be there but isn't there? In particular, if the attempt to open the device fails, what's the error message returned by libpcap? _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- pcap_findalldevs Hei Chan (Feb 05)
- Re: pcap_findalldevs Guy Harris (Feb 05)