Ethereal-dev: Re: [Ethereal-dev] unable to capture traffic
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Mon, 1 Nov 2004 15:16:16 -0800 (PST)
Nigam, Atul said:
> I am using Ethereal on Solaris 2.8 Ultra 60 platform and I can capture
> traffic when I log in as root but not with other accounts. Even when I
> gave root permission to other account
What do you mean by "gave root permission to other account"?
Do you mean that you allowed that account to "su" to root?
> I am unable to capture traffic. When
> I try to capture I don't get any interface. If I type an interface say
> "hme1", I get an error message -
> "The capture session could not be initiated (/dev/hme:permission denied).
> Please check to make sure you have sufficient permissions, and that you
> have the proper interface or pipe specified."
You don't have sufficient permissions if you're not running as root. To
quote the tcpdump man page (which also applies to Ethereal and Tethereal,
as they use the same mechanism to capture packets):
    Reading packets from a network interface may require that you have
    special privileges:

    Under SunOS 3.x or 4.x with NIT or BPF:
        You must have read access to /dev/nit or /dev/bpf*.

    Under Solaris with DLPI:
        You must have read/write access to the network pseudo device,
        e.g. /dev/le. On at least some versions of Solaris, however,
        this is not sufficient to allow tcpdump to capture in
        promiscuous mode; on those versions of Solaris, you must be
        root, or tcpdump must be installed setuid to root, in order to
        capture in promiscuous mode. Note that, on many (perhaps all)
        interfaces, if you don't capture in promiscuous mode, you will
        not see any outgoing packets, so a capture not done in
        promiscuous mode may not be very useful.

    Under HP-UX with DLPI:
        You must be root or tcpdump must be installed setuid to root.

    Under IRIX with snoop:
        You must be root or tcpdump must be installed setuid to root.

    Under Linux:
        You must be root or tcpdump must be installed setuid to root
        (unless your distribution has a kernel that supports capability
        bits such as CAP_NET_RAW and code to allow those capability
        bits to be given to particular accounts and to cause those bits
        to be set on a user's initial processes when they log in, in
        which case you must have CAP_NET_RAW in order to capture and
        CAP_NET_ADMIN to enumerate network devices with, for example,
        the -D flag).

    Under ULTRIX and Digital UNIX/Tru64 UNIX:
        Any user may capture network traffic with tcpdump. However, no
        user (not even the super-user) can capture in promiscuous mode
        on an interface unless the super-user has enabled
        promiscuous-mode operation on that interface using pfconfig(8),
        and no user (not even the super-user) can capture unicast
        traffic received by or sent by the machine on an interface
        unless the super-user has enabled copy-all-mode operation on
        that interface using pfconfig, so useful packet capture on an
        interface probably requires that either promiscuous-mode or
        copy-all-mode operation, or both modes of operation, be enabled
        on that interface.

    Under BSD (this includes Mac OS X):
        You must have read access to /dev/bpf*. On BSDs with a devfs
        (this includes Mac OS X), this might involve more than just
        having somebody with super-user access setting the ownership or
        permissions on the BPF devices - it might involve configuring
        devfs to set the ownership or permissions every time the system
        is booted, if the system even supports that; if it doesn't
        support that, you might have to find some other way to make
        that happen at boot time.
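
The access rules quoted above can be checked from the unprivileged account before a capture is attempted. The script below is an added example, not part of the original message and not tcpdump or Ethereal code; its function names are hypothetical, and /dev/hme is the device named in the error message in this thread.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not tcpdump/Ethereal code.

# Solaris DLPI: capture needs read AND write access to the device node.
# Prints one of: ok | missing | no-read | no-write
dlpi_access() {
    dev=$1
    if [ ! -e "$dev" ]; then echo missing
    elif [ ! -r "$dev" ]; then echo no-read
    elif [ ! -w "$dev" ]; then echo no-write
    else echo ok
    fi
}

# Linux: test one bit of a hex capability mask, as found in the CapEff
# field of /proc/<pid>/status. CAP_NET_ADMIN is bit 12, CAP_NET_RAW is 13.
has_cap() {
    mask=$1
    bit=$2
    [ $(( (0x$mask >> $bit) & 1 )) -eq 1 ]
}

# Print what the calling account can do; always returns 0.
capture_report() {
    dev=$1
    echo "account: $(id)"
    echo "device $dev: $(dlpi_access "$dev")"
    # Per the man page, "ok" is still not enough for promiscuous mode on
    # at least some Solaris versions; that needs root or a setuid binary.
    if [ -r /proc/self/status ]; then
        eff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
        [ -n "$eff" ] || return 0
        for pair in CAP_NET_ADMIN:12 CAP_NET_RAW:13; do
            if has_cap "$eff" "${pair#*:}"; then state=present; else state=absent; fi
            echo "${pair%%:*}: $state"
        done
    fi
    return 0
}

capture_report "${1:-/dev/hme}"
```

Run it as the account that will do the capture; a result of no-read or no-write for the device corresponds to the "permission denied" error quoted above.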





