Re: Packet sniffing & regular users
> On Wed, Mar 02, 2005 at 04:14:51PM -0500, Brian Kim wrote:
> | Getting back to the problem at hand, is it required to be a superuser
> | in order to listen to all traffic coming in on a NIC? (I've always
when binding to the NIC, yes.
> | believed yes, but I'm just making sure here....) And is it possible to
> | drop a NIC into promisc mode (as root) and leave it there?
tcpdump can be run as a normal user. I use it all the time to review
captures already on disk. However, you won't be able to bind to an
interface as a normal user. That's the issue you'll be running into,
regardless about the state of promisc mode.
You'll need to read up on the bridging and tun/tap capabilities for
the kernel. I've used them before, but it seems so infrequent, that I
usually lapse memory how to do most of that.
(and no, I don't intend to be exhaustive on the issues surrounding the
question original asked. if you still have questions about the ethics
and legalese of sniffing, be sure to ask.)
I am stressing you use caution in this matter. Your attempts to
weaken the security in place may or may not cost you now. I don't
have any idea what the scope of your project or experiment is - but I
hope it's not accessible to the public Internet...
Good luck,
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
Reply to: