Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 6124] dumpcap uses obsolete (PF_INET, SOCK_PACKET)

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 14 Jul 2011 17:33:23 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6124

Gerald Combs <gerald@xxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |gerald@xxxxxxxxxxxxx
         Resolution|                            |INVALID

--- Comment #2 from Gerald Combs <gerald@xxxxxxxxxxxxx> 2011-07-14 17:33:22 PDT ---
Wireshark doesn't open raw sockets directly. It relies on libpcap for that. If
you're running Wireshark without capture privileges (which is the case
according to the Launchpad bug) then this is most likely a byproduct of
pcap_activate_linux() in libpcap, which first tries to open a socket using
PF_PACKET and if that fails tries with PF_INET.

What happens if you run 

  tcpdump -D ; dmesg | tail

on your system as a user without CAP_NET_ADMIN or CAP_NET_RAW capabilities
(i.e. a normal user)? On a natty system here I get

[600414.835927] tcpdump uses obsolete (PF_INET,SOCK_PACKET)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube