diff options
author | guy <guy> | 2008-04-10 02:00:57 +0000 |
---|---|---|
committer | guy <guy> | 2008-04-10 02:00:57 +0000 |
commit | 22894b40e411ba3c82cd75e466e785b780e70238 (patch) | |
tree | b9168aafef142a50c4eff961e225f3cbcbf778c9 | |
parent | 055db4a15758abcd5f930bd5bb99cecc1026267c (diff) | |
download | tcpdump-22894b40e411ba3c82cd75e466e785b780e70238.tar.gz |
The detailed information on privileges need to capture was copied to the
pcap(3CAP) man page; just refer people to that page.
-rw-r--r-- | tcpdump.1 | 83 |
1 files changed, 6 insertions, 77 deletions
@@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.185.2.4 2008-04-06 17:41:59 guy Exp $ (LBL) +.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.185.2.5 2008-04-10 02:00:57 guy Exp $ (LBL) .\" .\" $NetBSD: tcpdump.8,v 1.9 2003/03/31 00:18:17 perry Exp $ .\" @@ -181,81 +181,10 @@ default, so you must set it with in order to use it) and will continue capturing packets. .LP Reading packets from a network interface may require that you have -special privileges: -.TP -.B Under SunOS 3.x or 4.x with NIT or BPF: -You must have read access to -.I /dev/nit -or -.IR /dev/bpf* . -.TP -.B Under Solaris with DLPI: -You must have read/write access to the network pseudo device, e.g. -.IR /dev/le . -On at least some versions of Solaris, however, this is not sufficient to -allow -.I tcpdump -to capture in promiscuous mode; on those versions of Solaris, you must -be root, or -.I tcpdump -must be installed setuid to root, in order to capture in promiscuous -mode. Note that, on many (perhaps all) interfaces, if you don't capture -in promiscuous mode, you will not see any outgoing packets, so a capture -not done in promiscuous mode may not be very useful. -.TP -.B Under HP-UX with DLPI: -You must be root or -.I tcpdump -must be installed setuid to root. -.TP -.B Under IRIX with snoop: -You must be root or -.I tcpdump -must be installed setuid to root. -.TP -.B Under Linux: -You must be root or -.I tcpdump -must be installed setuid to root (unless your distribution has a kernel -that supports capability bits such as CAP_NET_RAW and code to allow -those capability bits to be given to particular accounts and to cause -those bits to be set on a user's initial processes when they log in, in -which case you must have CAP_NET_RAW in order to capture and -CAP_NET_ADMIN to enumerate network devices with, for example, the -.B \-D -flag). -.TP -.B Under ULTRIX and Digital UNIX/Tru64 UNIX: -Any user may capture network traffic with -.IR tcpdump . -However, no user (not even the super-user) can capture in promiscuous -mode on an interface unless the super-user has enabled promiscuous-mode -operation on that interface using -.IR pfconfig (8), -and no user (not even the super-user) can capture unicast traffic -received by or sent by the machine on an interface unless the super-user -has enabled copy-all-mode operation on that interface using -.IR pfconfig , -so -.I useful -packet capture on an interface probably requires that either -promiscuous-mode or copy-all-mode operation, or both modes of -operation, be enabled on that interface. -.TP -.B Under BSD (this includes Mac OS X): -You must have read access to -.I /dev/bpf* -on systems that don't have a cloning BPF device, or to -.I /dev/bpf -on systems that do. -On BSDs with a devfs (this includes Mac OS X), this might involve more -than just having somebody with super-user access setting the ownership -or permissions on the BPF devices - it might involve configuring devfs -to set the ownership or permissions every time the system is booted, -if the system even supports that; if it doesn't support that, you might -have to find some other way to make that happen at boot time. -.LP -Reading a saved packet file doesn't require special privileges. +special privileges; see the +.B pcap (3PCAP) +man page for details. Reading a saved packet file doesn't require +special privileges. .SH OPTIONS .TP .B \-A @@ -1681,7 +1610,7 @@ is made to account for the time lag between when the Ethernet interface removed the packet from the wire and when the kernel serviced the `new packet' interrupt. .SH "SEE ALSO" -stty(1), pcap(3PCAP), pcap-filter(4), bpf(4), nit(4P), pfconfig(8) +stty(1), pcap(3PCAP), pcap-filter(4), bpf(4), nit(4P) .SH AUTHORS The original authors are: .LP |