Yes, you have to be root.
Or, to quote the fine man page (note the "Under Linux" section):
-----
DESCRIPTION
Tcpdump prints out the headers of packets on a network
interface that match the boolean expression.
Under SunOS with nit or bpf: To run tcpdump you must have
read access to /dev/nit or /dev/bpf*. Under Solaris with
dlpi: You must have read/write access to the network
pseudo device, e.g. /dev/le. Under HP-UX with dlpi: You
must be root or it must be installed setuid to root.
Under IRIX with snoop: You must be root or it must be
installed setuid to root. Under Linux: You must be root
or it must be installed setuid to root. Under Ultrix and
Digital UNIX: Once the super-user has enabled promiscuous-
mode operation using pfconfig(8), any user may run tcp-
dump. Under BSD: You must have read access to /dev/bpf*.
-----
-- Steve
On Wed, 26 Feb 2003, Jeff Wong jwong-at-high-tower.com |TCPdump Workers| wrote:
> Hello,
> I am running on a linux system.
> I am trying to execute the command pcap_open_live and I'm getting the
> error socket: Operation not permitted in my errorbuffer.
> I am running as a regular user and I'm not sure if I have to be root
> instead.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
