(The people at LBL are no longer developing or supporting libpcap or
tcpdump; that's now being done by the Tcpdump Group, at
http://www.tcpdump.org/
and the LBL mailing lists are now being forwarded to
"[EMAIL PROTECTED]".)
> Can 2 programs execute both using pcap to capture packets
> from the ethernet interfaces?
Yes.
> Do the programs run in super-user mode?
They only run in super-user mode if you run them in super-user mode. :-)
If you mean "Are they *required* to run in super-user mode?", then:
All they need is CAP_NET_RAW; unfortunately, the user-mode part
of most, if not all, Linux distributions doesn't include a way
to give particular accounts particular capability flags, so, in
practice, they need to run as super-user.
> Do you know if the same restrictions apply to sockets of type
> PF_PACKET?
Given that libpcap uses, err, umm, sockets of type PF_PACKET, and the
privilege restrictions on libpcap are just those of sockets of type
PF_PACKET....
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
