Re: non-root pcap capture under Linux

[Gerald Combs <gerald () wireshark org>]

amnon cohen wrote:
> Hi,
> Is there anyway to capture packets without being root on Linux.
> The docs imply that we running with CAP_NET_RAW will do the trick.
> Has anyone managed to get this to work?
> I got stuck when trying to add CAP_NET_RAW to the executable
>
>
> # setcap cap_net_raw my_sniffer_program
> fatal error: Invalid argument
> usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>)
> <filenameN> ]

Try "setcap cap_net_raw,cap_net_admin=eip my_sniffer_program":

http://packetlife.net/blog/2010/mar/19/sniffing-wireshark-non-root-user/

If you generate traffic you might need cap_net_broadcast as well.

-- 
Join us for Sharkfest ’10! · Wireshark® Developer and User Conference
Stanford University, June 14-17 · http://www.cacetech.com/sharkfest.10/
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.