requirement of root privileges for libpcap functions

Question

The pcap_lookupdev() fills in the errbuf variable when run as non-root user, while the same functions returns the value of the first available network interface

Answer 1

In general, when it comes to accessing files, devices and other services provided by the OS, access models in Unix (and, thus, Linux) are implemented in the OS.

Userspace programs are expected to just try whatever they want to do and gracefully handle any error condition by e.g. informing the user with a message.

This has several advantages:

• Maintainability: Access policy enforcement remains with the OS and can be configured uniformly. The administrator that wants to restrict access to a resource does so once, rather than having to configure this library here, than that library there, then...

• Configurability: The administrator can configure as simple or complex an access policy they need without being limited by each userspace implementation.

• Security: Userspace programs should not in general be trusted with enforcing access policy. It would be like having a wolf guard the sheep.

EDIT:

In your case, pcap needs low-level access to the network interface. Due to the security implications (capturing network traffic, generating arbitrary network packets etc), such access is limited to privileged users only. On Linux, for example, pcap needs the CAP_NET_RAW capability to be available to the user.

Answer 2

Many of the pcap functions require root privileges in order to work correctly. Might this be the problem?

Answer 3

It mostly depends on OS. Not all pcap functions require root privilege on all OS.

Ref to Reference Manual Pages, all special privilege requirements are listed respectively.