On Sun, Nov 04, 2001 at 04:16:04PM +1030, Richard Sharpe wrote: > Only root can open raw and packet sockets, although, under Linux, you > can probably do it if you have CAP_<something or other> :-)
If you're not on Linux, you don't have packet sockets, so even if you're root you can't open packet sockets. That's why I spoke of "whatever raw packet I/O mechanism your OS has"; on Linux, it's PF_PACKET sockets, but on BSD, it's BPF, and on Solaris and some other systems, it's DLPI, and so on. (If it's Windows, the OS doesn't have a native mechanism available from userland, as far as I know, which is why WinPcap comes with drivers and libraries that implement a low-level mechanism atop which WinPcap runs.) - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
