[tcpdump-workers] pcap_lookupdev returning NULL
--- Begin Message ---
Hello,

I am a pcap newbie, so this is certain to be a mistake on my part; I'm just looking for advice on where to look.

When I run the following code:

    #include <stdio.h>
    #include <pcap.h>

    int main(int argc, char *argv[])
    {
        char *dev, errbuf[PCAP_ERRBUF_SIZE];

        /* Ask libpcap for the default capture device. */
        dev = pcap_lookupdev(errbuf);
        if (dev == NULL) {
            /* errbuf holds libpcap's explanation of the failure. */
            fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
            return(2);
        }
        printf("Device: %s\n", dev);
        return(0);
    }

dev == NULL

dev should be eth0

I'm using CentOS v7

The following packages are installed

* libpcap.x86_64
* libpcap-devel.x86_64

Would appreciate suggestions on what else to check / try?

Regards,

Vaughan
--- End Message ---
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] pcap_lookupdev returning NULL
--- Begin Message ---
What happens if you put

    printf("Version: %s\n", pcap_lib_version());

before the pcap_lookupdev() call?

It won't fix the pcap_lookupdev() call not to return NULL, but it'll indicate what version of libpcap your program is using, which might help determine what the problem is.

Let us know what the "Version:" output is.
--- End Message ---
Re: [tcpdump-workers] pcap_lookupdev returning NULL
--- Begin Message ---
On Nov 4, 2020, at 9:18 PM, Vaughan Wickham wrote:

> Version: libpcap version 1.5.3

That's an older version (CentOS, proudly trailing-edge!), and only returns interfaces that the program can open. Capturing on Linux generally requires, at minimum, the CAP_NET_RAW privilege, and finding devices might also require CAP_NET_ADMIN; root privilege will also work.

As such, your program will, by default, not be able to open *any* capture device, so:

1) if you were using a sufficiently more recent version of libpcap, which returns interfaces that the program doesn't have sufficient privileges to open (so that the user gets a "permission denied" error when trying to capture, which is somewhat clear about the underlying problem, rather than just not seeing any devices), you'd get "eth0" but then you'd get an error trying to open it (presumably that's why you're calling pcap_lookupdev());

2) you need to give your program sufficient privileges.

So try doing

    sudo setcap cap_net_raw,cap_net_admin+eip {your program}

and then running the program. ("cap_net_admin" might not be necessary with 1.5.1.)
--- End Message ---
Re: [tcpdump-workers] pcap_lookupdev returning NULL
--- Begin Message ---
Hello Guy,

In regards to your latest comments regarding

    sudo setcap cap_net_raw,cap_net_admin+eip {your program}

Are you saying that I need to compile my program and then start the compiled version with these arguments, from a terminal?

Or is there a way that I can pass these arguments within the IDE?

Alternatively, while I've been happy using CentOS as a development environment up until now. As I'm planning on doing some work with pcap; if there is a "better" distro for doing pcap development I'm more than happy to build another development system using whatever flavour is easiest to develop with.

Basically I would like to be able to build and execute within the IDE.

Regards,

Vaughan
--- End Message ---
Re: [tcpdump-workers] pcap_lookupdev returning NULL
--- Begin Message ---
On Nov 4, 2020, at 10:26 PM, Vaughan Wickham wrote:

> In regards to your latest comments regarding
>
> sudo setcap cap_net_raw,cap_net_admin+eip {your program}
>
> Are you saying that I need to compile my program and then start the compiled
> version with these arguments, from a terminal?

No.

You need to compile your program (within the IDE or on the command line), execute, on the command line, the command

    sudo setcap cap_net_raw,cap_net_admin+eip {your program}

where {your program} is the path to the executable that was built, and then you can run the program from the command line or from the IDE.

> Alternatively, while I've been happy using CentOS as a development
> environment up until now. As I'm planning on doing some work with pcap; if
> there is a "better" distro for doing pcap development I'm more than happy to
> build another development system using whatever flavour is easiest to develop
> with.

Note that, as I said, getting a newer version of libpcap will *not* remove the requirement that you run your program with special privileges; all it means is that pcap_lookupdev() will not require the special privileges, but if you plan to *open* the device that it returns, your program will have to run with, at minimum, the cap_net_raw privileges.

And all that choosing a distribution other than CentOS will do is perhaps change the libpcap version.

> Basically I would like to be able to build and execute within the IDE.

Unless you can arrange that the IDE run a special command, *as root*, as part of the build process, you won't be able to do everything within the IDE. The command in question is "setcap cap_net_raw,cap_net_admin+eip {the program that was built}".

It will have to ask you for root privileges, which means that, if you want to avoid the command line, the IDE will have to run some GUI program that asks for your password, or the password of somebody with rights to run a program as root (that's what sudo, on the command line, does, but I don't know whether any version of sudo can do a GUI prompt when not run on the command line) and then run a command as root.

You will also have to have whatever privileges sudo, or the GUI program, requires you to have in order for it to allow you to run a program as root.
--- End Message ---
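
Added example, not part of the original thread or of libpcap: a small C check of whether the running process actually holds the capabilities the replies above name, read from the CapEff line of /proc/self/status. The function name status_has_cap and the enum names are chosen for this example; bit numbers 12 and 13 are CAP_NET_ADMIN and CAP_NET_RAW in <linux/capability.h>.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>; the enum names are this example's. */
enum { NET_ADMIN_BIT = 12, NET_RAW_BIT = 13 };

/* Returns 1 if capability `bit` is in the effective set described by the
 * text of /proc/<pid>/status, 0 if it is not, and -1 if the text has no
 * well-formed "CapEff:" line. */
int status_has_cap(const char *status, int bit)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            p += 7;
            while (*p == ' ' || *p == '\t') p++;
            /* Reject an empty value so strtoull cannot run onto the next line. */
            if (!isxdigit((unsigned char)*p)) return -1;
            uint64_t mask = strtoull(p, NULL, 16);
            return (int)((mask >> bit) & 1);
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';

    int raw = status_has_cap(buf, NET_RAW_BIT);
    int admin = status_has_cap(buf, NET_ADMIN_BIT);
    if (raw < 0 || admin < 0) { fprintf(stderr, "no CapEff line\n"); return 2; }
    printf("cap_net_raw:   %s\n", raw ? "yes" : "no");
    printf("cap_net_admin: %s\n", admin ? "yes" : "no");
    return raw ? 0 : 1;   /* non-zero exit: opening a capture device will fail */
}
```

Run it before and after applying setcap to the built binary to see the effective set change. File capabilities are attached to the executable file itself, so they are lost when the IDE rebuilds it and the setcap command has to be repeated after each build.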