The detailed information on privileges need to capture was copied to the

pcap(3CAP) man page; just refer people to that page.

1 files changed, 6 insertions, 77 deletions

diff --git a/tcpdump.1 b/tcpdump.1
index 306509ff..4a329e53 100644
--- a/tcpdump.1
+++ b/tcpdump.1
@@ -1,4 +1,4 @@
-.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.185.2.4 2008-04-06 17:41:59 guy Exp $ (LBL)
+.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.185.2.5 2008-04-10 02:00:57 guy Exp $ (LBL)
 .\"
 .\"	$NetBSD: tcpdump.8,v 1.9 2003/03/31 00:18:17 perry Exp $
 .\"
@@ -181,81 +181,10 @@ default, so you must set it with
 in order to use it) and will continue capturing packets.
 .LP
 Reading packets from a network interface may require that you have
-special privileges:
-.TP
-.B Under SunOS 3.x or 4.x with NIT or BPF:
-You must have read access to
-.I /dev/nit
-or
-.IR /dev/bpf* .
-.TP
-.B Under Solaris with DLPI:
-You must have read/write access to the network pseudo device, e.g.
-.IR /dev/le .
-On at least some versions of Solaris, however, this is not sufficient to
-allow
-.I tcpdump
-to capture in promiscuous mode; on those versions of Solaris, you must
-be root, or
-.I tcpdump
-must be installed setuid to root, in order to capture in promiscuous
-mode.  Note that, on many (perhaps all) interfaces, if you don't capture
-in promiscuous mode, you will not see any outgoing packets, so a capture
-not done in promiscuous mode may not be very useful.
-.TP
-.B Under HP-UX with DLPI:
-You must be root or
-.I tcpdump
-must be installed setuid to root.
-.TP
-.B Under IRIX with snoop:
-You must be root or
-.I tcpdump
-must be installed setuid to root.
-.TP
-.B Under Linux:
-You must be root or
-.I tcpdump
-must be installed setuid to root (unless your distribution has a kernel
-that supports capability bits such as CAP_NET_RAW and code to allow
-those capability bits to be given to particular accounts and to cause
-those bits to be set on a user's initial processes when they log in, in
-which case you  must have CAP_NET_RAW in order to capture and
-CAP_NET_ADMIN to enumerate network devices with, for example, the
-.B \-D
-flag).
-.TP
-.B Under ULTRIX and Digital UNIX/Tru64 UNIX:
-Any user may capture network traffic with
-.IR tcpdump .
-However, no user (not even the super-user) can capture in promiscuous
-mode on an interface unless the super-user has enabled promiscuous-mode
-operation on that interface using
-.IR pfconfig (8),
-and no user (not even the super-user) can capture unicast traffic
-received by or sent by the machine on an interface unless the super-user
-has enabled copy-all-mode operation on that interface using
-.IR pfconfig ,
-so
-.I useful
-packet capture on an interface probably requires that either
-promiscuous-mode or copy-all-mode operation, or both modes of
-operation, be enabled on that interface.
-.TP
-.B Under BSD (this includes Mac OS X):
-You must have read access to
-.I /dev/bpf*
-on systems that don't have a cloning BPF device, or to
-.I /dev/bpf
-on systems that do.
-On BSDs with a devfs (this includes Mac OS X), this might involve more
-than just having somebody with super-user access setting the ownership
-or permissions on the BPF devices - it might involve configuring devfs
-to set the ownership or permissions every time the system is booted,
-if the system even supports that; if it doesn't support that, you might
-have to find some other way to make that happen at boot time.
-.LP
-Reading a saved packet file doesn't require special privileges.
+special privileges; see the
+.B pcap (3PCAP)
+man page for details.  Reading a saved packet file doesn't require
+special privileges.
 .SH OPTIONS
 .TP
 .B \-A
@@ -1681,7 +1610,7 @@ is made to account for the time lag between when the
 Ethernet interface removed the packet from the wire and when the kernel
 serviced the `new packet' interrupt.
 .SH "SEE ALSO"
-stty(1), pcap(3PCAP), pcap-filter(4), bpf(4), nit(4P), pfconfig(8)
+stty(1), pcap(3PCAP), pcap-filter(4), bpf(4), nit(4P)
 .SH AUTHORS
 The original authors are:
 .LP