Project

General

Profile

Actions
Copy link

Bug #1491

closed

pf_ring is not able to capture packets when running under non-root account

Added by Alexander Gozman almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Alexander Gozman
Target version:
3.0RC1
Affected Versions:
Effort:
Difficulty:
Label:

Description

If we set user and group in configuration file, suricata can not capture packets with pf_ring, because interface is not switched to promiscuous mode. But if we do "ifconfig eth0 promisc" before starting suricata, everything works fine. It seems that dropping privileges makes pf_ring useless.

Actions
Copy link
 #1

Updated by Alexander Gozman almost 9 years ago

Seems that CAP_NET_ADMIN is insufficient for promiscuous mode and CAP_NET_RAW is required.

Actions
Copy link
 #3

Updated by Victor Julien almost 9 years ago

  • Status changed from New to Closed
  • Assignee set to Alexander Gozman
  • Target version set to 3.0RC1
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF