> As this package is related to system/network administration and could be
> abused, it is installed so as to be executable only by root.
On Solaris, you can't capture packets promiscuously unless you're
running as root in any case - and you can't capture packets at all
unless the "/dev" entry for the network device type on which you'd be
capturing packets, e.g. "/dev/hme" or "/dev/ge", is readable and
writable by you, and it's normally readable and writable only by root:

    hostname$ uname -sr
    SunOS 5.8
    hostname$ ls -lL /dev/hme /dev/ge
    crw------- 1 root sys 11, 51 Nov 13 13:28 /dev/ge
    crw------- 1 root sys 11, 7 Nov 13 13:22 /dev/hme

I.e., even if it's publicly executable, all a user can do on Solaris is
read captures somebody's already gotten *and* made readable by that
user.
(By default, that's the case on most systems. The current CVS, and 3.7
beta, version of the tcpdump man page gives details:

     Reading packets from a network interface may require that
     you have special privileges:

     Under SunOS 3.x or 4.x with
          You must have read access to /dev/nit or /dev/bpf*.

     Under Solaris with DLPI:
          You must have read/write access to the network pseudo
          device, e.g. /dev/le. On at least some versions of
          Solaris, however, this is not sufficient to allow
          tcpdump to capture in promiscuous mode; on those
          versions of Solaris, you must be root, or tcpdump must
          be installed setuid to root, in order to capture in
          promiscuous mode.

     Under HP-UX with DLPI:
          You must be root or tcpdump must be installed setuid to
          root.

     Under IRIX with snoop:
          You must be root or tcpdump must be installed setuid to
          root.

     Under Linux:
          You must be root or tcpdump must be installed setuid to
          root.

     Under Ultrix and Digital UNIX:
          Once the super-user has enabled promiscuous-mode
          operation using pfconfig(8), any user may capture network
          traffic with tcpdump.

     Under BSD:
          You must have read access to /dev/bpf*.

     Reading a saved packet file doesn't require special
     privileges.

The same rules apply to Ethereal and Tethereal, as they use the same
capture mechanism that tcpdump does.)
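
Added example, not part of the original message or of tcpdump: a small shell audit that reads `ls -lL` lines like the ones shown above and reports whether a given non-root account could open the capture device under the Solaris (read/write) and BSD (read) rules quoted from the man page. The function names, the user "alice" and the group "netcap" are hypothetical, and the third sample line is constructed.

```shell
#!/bin/sh
# Added example. dev_access LS_LINE USER "GROUP ..." prints the access USER
# would get on the device described by one `ls -lL` line: rw, r, w or none.
dev_access() {
    line=$1 user=$2 grps=$3
    [ "$user" = root ] && { echo rw; return 0; }   # root bypasses mode bits
    set -f; set -- $line; set +f                   # split fields, no globbing
    mode=$1 owner=$3 group=$4
    # Exactly one permission triplet applies: owner, else group, else other.
    if [ "$user" = "$owner" ]; then
        cols=2-4
    else
        case " $grps " in
            *" $group "*) cols=5-7 ;;
            *) cols=8-10 ;;
        esac
    fi
    bits=$(printf '%s' "$mode" | cut -c"$cols")
    acc=
    case $bits in r??) acc=r ;; esac
    case $bits in ?w?) acc=${acc}w ;; esac
    echo "${acc:-none}"
}

# can_open_device PLATFORM ACCESS applies the two device rules quoted above:
# Solaris/DLPI needs read/write, BSD needs read on /dev/bpf*. "yes" on Solaris
# means the device can be opened; promiscuous mode may still require root.
can_open_device() {
    case "$1:$2" in
        solaris:rw|bsd:r|bsd:rw) echo yes ;;
        *) echo no ;;
    esac
}

# First two lines are the listing from the message; the third is constructed
# (group "netcap" and user "alice" are hypothetical) to show a loosened device.
sample='crw------- 1 root sys 11, 51 Nov 13 13:28 /dev/ge
crw------- 1 root sys 11, 7 Nov 13 13:22 /dev/hme
crw-rw---- 1 root netcap 11, 7 Nov 13 13:22 /dev/hme'

printf '%s\n' "$sample" | while IFS= read -r l; do
    a=$(dev_access "$l" alice "staff netcap")
    echo "${l##* }: alice=$a open_on_solaris=$(can_open_device solaris "$a")"
done
```

Any device line that yields something other than "none" for a non-root account is worth reviewing, since it widens who can capture beyond the default described in the message.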