tcpdump mailing list archives

Re: pcap_lookupdev returning NULL

From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Wed, 4 Nov 2020 23:10:21 -0800

--- Begin Message --- From: Guy Harris <gharris () sonic net>
Date: Wed, 4 Nov 2020 23:10:21 -0800

On Nov 4, 2020, at 10:26 PM, Vaughan Wickham <vw () zen net au> wrote:

In regards to your latest comments regarding

sudo setcap cap_net_raw,cap_net_admin+eip {your program}

Are you saying that I need to compile my program and then start the compiled version with these arguments, from a 
terminal?


No.

You need to compile your program (within the IDE or on the command line), execute, on the command line, the command

        sudo setcap cap_net_raw,cap_net_admin+eip {your program}

where {your program} is the path to the executable that was built, and then you can run the program from the command 
line or from the IDE.

Alternatively, while I've been happy using CentOS as a development environment up until now. As I'm planning on doing 
some work with pcap; if there is a "better" distro for doing pcap development I'm more than happy to build another 
development system using whatever flavour is easiest to develop with.


Note that, as I said, getting a newer version of libpcap will *not* remove the requirement that you run your program 
with special privileges; all it means is that pcap_lookupdev() will not require the special privileges, but if you plan 
to *open* the device that it returns, your program will have to run with, at minimum, the cap_net_raw privileges.

And all that choosing a distribution other than CentOS will do is perhaps change the libpcap version.

Basically I would like to be able build and execute within the IDE.


Unless you can arrange that the IDE run a special command, *as root*, as part of the build process, you won't be able 
to do everything within the IDE>

The command in question is "setcap cap_net_raw,cap_net_admin+eip {the program that was built}".  It will have to ask 
you for root privileges, which means that, if you want to avoid the command line, the IDE will have to run some GUI 
program that asks for your password, or the password of somebody with rights to run a program as root (that's what 
sudo, on the command line, does, but I don't know whether any version of sudo can do a GUI prompt when not run on the 
command line) and then run a command as root.

You will also have to have whatever privileges sudo, or the GUI program, requires you to have in order for it to allow 
you to run a program as root.

--- End Message ---

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

pcap_lookupdev returning NULL Vaughan Wickham via tcpdump-workers (Nov 04)
- Re: pcap_lookupdev returning NULL Guy Harris via tcpdump-workers (Nov 04)
- Message not available
  - Message not available
    - Re: pcap_lookupdev returning NULL Guy Harris via tcpdump-workers (Nov 04)
- Message not available
  - Message not available
    - Message not available
    - Re: pcap_lookupdev returning NULL Vaughan Wickham via tcpdump-workers (Nov 04)
- Message not available
  - Message not available
    - Message not available
    - Message not available
    - Re: pcap_lookupdev returning NULL Guy Harris via tcpdump-workers (Nov 04)
- Message not available
  - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: pcap_lookupdev returning NULL Vaughan Wickham via tcpdump-workers (Nov 05)
- Message not available
  - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: pcap_lookupdev returning NULL Guy Harris via tcpdump-workers (Nov 05)