Re: Capturing without having superuser rights

[Gerald Combs <gerald () wireshark org>]

Under Linux you can use POSIX capabilities to capture as non-root.
CAP_NET_RAW lets you capture, and CAP_NET_ADMIN lets you use promiscuous
mode.

Damien ANCELIN wrote:
> To give you more informations :
> - "metrology platform" will be a computer that can be used by many users
> to capture packets (coming from a mirroring port of a switch).
> - It's currently running on an linux debian.
>
> It seems there is no common manner to do this in a simple way (I will
> have a look on that kernel patch).
>
> Thanks for your help
> Damien
>
> sthaug () nethelp no a écrit :
> > > > As I'm developping on libpcap to provide a metrology plateform, I was
> > > > wondering if there is a manner to enable a specific user (or a specific
> > > > group) to capture from a network interfaces (even in promiscuous mode),
> > > > without using sudo.
> > > > I'm trying to do this with udev, but I'm not shure it can works.
> > > >
> > > > Does anybody have an idea ?
> > > >       
> > > Depends on the platform you are on.  On FreeBSD all you need is read
> > > write permission to the /dev/bpf* devices.
> > >     
> >
> > And for *capturing* you really only need read permission.
> >
> > Steinar Haug, Nethelp consulting, sthaug () nethelp no
> > -
> > This is the tcpdump-workers list.
> > Visit https://cod.sandelman.ca/ to unsubscribe.
> >   

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.