I have crafted a script (python+bash) which makes use of tcpdump to monitor and filter the TCP headers that flow through a network interface. It works smoothly for all interfaces, but when it comes to the Ethernet en0 interface, Mac requires tcpdump to be executed as root user (sudo).
Is there any programmatic solution by which I can bypass the need to run it with sudo?
I find that tools like Wireshark are able to do it without requesting the user for sudo password.
Any solution without requiring sudo would be great.
Is there any programmatic solution by which I can bypass the need to run it with sudo?
What do you mean by "programmatic"?
The way Wireshark does this is that its installer
access_bpf group and puts the user into it;
access_bpf and changes the permissions on them to rw-rw---- (as per the ls -l /dev/bpf* output in jonschipp's answer);
so that the user who installs Wireshark can run programs that use BPF (all programs using libpcap use BPF on OS X; tcpdump and Wireshark both use libpcap) without having to run them as root (at least as long as the program doesn't need a new BPF device; they're automatically created as needed, but they're created with permissions rw------- and owned by user and group root).
So if you've installed Wireshark, you can run not only Wireshark (and TShark, and the dumpcap program that both of them use to do packet capturing) as an ordinary user and capture traffic, you can also, for example, run tcpdump as an ordinary user and capture traffic.
I.e., it's not something in the Wireshark code that enables this, so it's not "programmatic" in that sense, it's something installed by the Wireshark installer that enables this, and it enables it for all programs.
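A way to check the state described in the answer above, as an added example that is not part of the original answer or of Wireshark's installer: it reads the mode and numeric group of each /dev/bpf* node and reports whether a user with the given uid and group ids could open it read-write. The function names can_open_rw and bpf_report are hypothetical, and the check looks only at classic mode bits (no ACLs).

```shell
#!/bin/sh
# Added example: which /dev/bpf* nodes could a given user open for capture?

# can_open_rw MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Unix picks exactly one permission triplet: owner, else group, else other.
can_open_rw() {
    [ "$4" -eq 0 ] && return 0              # root is not limited by mode bits
    if [ "$4" -eq "$2" ]; then
        cols=2-3                            # owner triplet
    else
        case " $5 " in
            *" $3 "*) cols=5-6 ;;           # group triplet
            *)        cols=8-9 ;;           # other triplet
        esac
    fi
    [ "$(printf '%s' "$1" | cut -c"$cols")" = "rw" ]
}

# bpf_report DIR USER_UID "USER_GIDS": prints "<node> ok|denied <mode> gid=<n>"
bpf_report() {
    rep_dir=$1; rep_uid=$2; rep_gids=$3
    for node in "$rep_dir"/bpf*; do
        [ -e "$node" ] || continue          # glob matched nothing
        # ls -ln fields: mode, links, numeric uid, numeric gid, ...
        set -- $(ls -lnd "$node")
        if can_open_rw "$1" "$3" "$4" "$rep_uid" "$rep_gids"; then
            echo "${node##*/} ok $1 gid=$4"
        else
            echo "${node##*/} denied $1 gid=$4"
        fi
    done
}

# Report for the current user against the real device directory.
bpf_report /dev "$(id -u)" "$(id -G)"
```

A node reported as denied with mode crw------- is one that was created on demand after the permissions were last set, which is the case the answer calls out for programs that need a new BPF device.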