tcpdump mailing list archives

Re: pcap_lookupdev returning NULL


From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Wed, 4 Nov 2020 21:46:50 -0800

--- Begin Message ---
From: Guy Harris <gharris () sonic net>
Date: Wed, 4 Nov 2020 21:46:50 -0800

On Nov 4, 2020, at 9:18 PM, Vaughan Wickham <vw () zen net au> wrote:

> Version: libpcap version 1.5.3

That's an older version (CentOS, proudly trailing-edge!), and only returns interfaces that the program can open.

Capturing on Linux generally requires, at minimum, the CAP_NET_RAW privilege, and finding devices might also require CAP_NET_ADMIN; root privilege will also work.  As such, your program will, by default, not be able to open *any* capture device, so:

        1) if you were using a sufficiently more recent version of libpcap, which returns interfaces that the program doesn't have sufficient privileges to open (so that the user gets a "permission denied" error when trying to capture, which is somewhat clear about the underlying problem, rather than just not seeing any devices), you'd get "eth0" but then you'd get an error trying to open it (presumably that's why you're calling pcap_lookupdev());

        2) you need to give your program sufficient privileges.

So try doing

        sudo setcap cap_net_raw,cap_net_admin+eip {your program}

and then running the program.  ("cap_net_admin" might not be necessary with 1.5.1.)

--- End Message ---
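
Added example, not part of the original message and not libpcap code: a preflight check a capture program could run before calling pcap_lookupdev(), reporting whether the two capabilities named above are in its effective set. The function name capture_privs, the HAVE_* flags and the sample status text are hypothetical and constructed for illustration; the bit numbers are those defined in <linux/capability.h>.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_NET_ADMIN_BIT 12
#define CAP_NET_RAW_BIT   13
#define HAVE_NET_RAW   1   /* hypothetical result flags for this example */
#define HAVE_NET_ADMIN 2

/* Constructed /proc/<pid>/status excerpts: before and after the setcap above. */
static const char SAMPLE_UNPRIV[] = "Name:\tmycap\nCapEff:\t0000000000000000\n";
static const char SAMPLE_SETCAP[] = "Name:\tmycap\nCapEff:\t0000000000003000\n";

/* Find the CapEff line in status text and return a HAVE_* bitmask,
   or -1 if the field is missing or carries no hex value. */
int capture_privs(const char *status)
{
    const char *p = status;
    while (p && *p) {                       /* p always sits at a line start */
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *v = p + 7;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1;  /* empty field */
            uint64_t mask = strtoull(v, NULL, 16);
            int r = 0;
            if ((mask >> CAP_NET_RAW_BIT) & 1)   r |= HAVE_NET_RAW;
            if ((mask >> CAP_NET_ADMIN_BIT) & 1) r |= HAVE_NET_ADMIN;
            return r;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    int r = capture_privs(buf);
    if (r < 0) { fprintf(stderr, "CapEff not found\n"); return 2; }
    printf("CAP_NET_RAW: %s, CAP_NET_ADMIN: %s\n",
           (r & HAVE_NET_RAW) ? "yes" : "no", (r & HAVE_NET_ADMIN) ? "yes" : "no");
    return (r & HAVE_NET_RAW) ? 0 : 1;      /* nonzero exit: capture will fail */
}
```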