On Thu, Aug 03, 2000 at 08:49:25AM +0200, Fulvio Risso wrote:
> (sorry, I put ethereal list in cc: because I think its' quite interesting)
The only reason I sent my reply just to you was because I didn't think
my reply was of general interest - your reply is certainly of general
interest, though.
We might want to put an item in the Ethereal FAQ about PPP problems on
Win32, and also have something in the Ethereal FAQ pointing to the
WinPcap FAQ. (Some items in the FAQ are of interest only to developers,
but a bunch of them also affect users.)
BTW, *in re* question 5, it turns out that, at least on some flavors of
UNIX, it is possible to arrange that non-privileged users be able to run
libpcap programs:
on those UNIXes where the packet capture mechanism works through
entries in "/dev" (most of them), you can probably give read and
write privileges to people or groups other than root -
on DLPI systems libpcap opens the device read-only, so giving
read privileges would probably be sufficient, which I think
would allow sniffing but not packet injection, but on the BSDs,
SunOS 4.x, Ultrix, Digital UNIX, and AIX on the RT PC, you'd
have to give write permission, although it might be possible to
make libpcap open some of them read-only;
on at least some Linux kernel releases, if you can arrange that
some users get the CAP_NET_RAW capability, those users should be
able to run libpcap programs (although I think that'd give both
capture and injection capabilities).
That might be a convenience on personal desktops, although the person in
question might want to arrange that only *they* get those privileges,
and might also be useful on shared machines, although there it'd
probably typically be the case that only administrators should be
granted those privileges.
(As that's not the default behavior, the WinPcap FAQ shouldn't be
changed; it's just an FYI for users of UNIX systems.)
> The problem is that we are not able to make PPP working properly. Code
> should be the same (opening an Ethernet card should be the same as opening a
> PPP interface), however it doesn't work.
> Our problem is confirmed by several other guys on the Internet (newsgroup,
> private conversation...): as far as we know nobody but Microsoft is able to
> capture onto a PPP interface.
Hmm.
Perhaps the Microsoft Research guys who help fund your work can convince
the mothership to help? (I'm not sure which groups in Microsoft would
consider better libpcap support a feature and which would consider it a
bug; NetMon Lite comes bundled with NT Server and at least some versions
of W2K server, so they'd only lose revenue if somebody'd have bought
lighter versions of the OS were it not for NetMon, and SMS is, I have
the impression, sufficiently costly that few people would buy it just
for NetMon, but maybe they wouldn't want to annoy suppliers of
third-party non-free sniffers by making it easier for people to use
Analyzer or Ethereal or tcpdump.)