Can I use libpcap without root privileges?

Posted on 2009-02-19
Last Modified: 2013-12-16
We have created an application which sniffs packets from the network. It runs through Java Web Start and uses libjpcap which in turn uses libpcap. This application is being run on Ubuntu 8.10.

The challenge is, when we run the application using root privileges (such as by using sudo), then it works fine and lists the network cards also. However, when we use it as an unprivileged user, then it doesn't display network card information and thus does no sniffing as well.

Wireshark also behaves in the same manner and and it is specifically mentioned in Wireshark's documentation to sniff the packets through root only. However, it would not be possible to make all users run as root in our environment.

Is there any way we can use non-root privileges to do sniffing? Maybe through
 * suid?
 * allowing full network card access to a group?
 * any other packet capturing library which allows this? We need to use it through java only.

We did "ifconfig eth0 promisc" but it doesn't help.
Question by:vcustomerindia
    LVL 29

    Expert Comment

    why are u not using user in sudo file list and give him access to run that command

    editi visudo file

    add the user and allow the user for that comand with full binary path

    Author Comment

    That doesn't solve the purpose. We are calling specific libraries - from /usr/lib and there's no command being executed.

    What I've learnt about sudo is that through sudo you can grant privileges to particular commands. However here we're not using any particular command. Also, we're executing it through java web start and that is through Firefox. So, to enable it we use "sudo firefox" and then it works fine. But for all users it would need to be specially done which we don't want. We just want them to call a URL from whatever browser and they should be able to do it.

    I tried giving suid privileges to Sun Java's javaws application but it doesn't execute with suid privileges.
    LVL 29

    Expert Comment

    so you saing, by putting that user in sudo file , it will not work , even to give him all right with

    ALL commmand ??
    LVL 27

    Expert Comment

    > Is there any way we can use non-root privileges to do sniffing?
    Impossible, until you run it as root (possibly with sudo).
    "having a look at J2SE SDK release notes, I found:
    "Running Java with setuid or setgid
    Java requires dynamic loading (SHLIB_PATH, LD_LIBRARY_PATH) which are disabled in setuid or setgid executables. Therefore Java cannot run with setuid or setgid."

    => I understand that having it working until now with the setuid bit was more an unexpected situation!!!

    I have installed and configured sudo on my server as a way to replace the use of setuid.?

    Accepted Solution

    @fosiul01:The ALL command would require the user executing the application through sudo. Our app is being executed through java web start from within a browser. So the browser would need to be executed through sudo/gksudo firefox - and this already works as I'd mentioned earlier.

    As Nopius confirmed, we cannot do packet capturing without using sudo. So here's what we are contemplating to do

    1. In sudo we allow access to /etc/alternatives/javaws for all users without entering a password.
    2. Replace /usr/bin/javaws with a shell script which has
    gksudo "/etc/alternatives/javaws $1 $2 $3 $4 $5 $6 $7 $8 $9"

    and make the script executable. So all java web start apps launching from within a browser would have the reqd privileges, thus solving our problem.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Suggested Solutions

    I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
    Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now