Packetbeat not working in Linux (requires sudo)


#1
bash-4.1$ ./packetbeat devices -v -debug
bash-4.1$ uname -a
Linux xxxxxx 2.6.32-573.3.1.el6.x86_64 #1 SMP Mon Aug 10 09:44:54 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

Packetbeat is coming out immediately without executing/displaying anything.


(Andrew Kroh) #2

Try:

$ ./packetbeat -devices

#3

Hi Andrew,

Thanks, that worked. But only if I use the root user.

[root@xxxpacketbeat-1.1.1-x86_64]# ./packetbeat -devices
0: eth0 (No description available)
1: eth1 (No description available)
2: any (Pseudo-device that captures on all interfaces)
3: lo (No description available)

So does Packetbeat always have to be run as the root user, and not as any other user?

I see this when I run as a non-root user:

bash-4.1$ ./packetbeat -devices
No devices found. You might need sudo?

thanks


(Andrew Kroh) #4

Generally you need to be a privileged user to capture packets. On some distros there are ways of adding capabilities to a binary so that unprivileged users can run them. See http://www.andy-pearce.com/blog/posts/2013/Mar/file-capabilities-in-linux/
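
An added example, not part of the thread or of Packetbeat: file capabilities such as those mentioned in the reply above are stored in the `security.capability` extended attribute, and this sketch decodes that attribute to audit whether a binary would receive CAP_NET_RAW (the capability Linux requires for packet sockets) when run by an unprivileged user. The helper names are hypothetical, the constants come from `linux/capability.h`, and the sample bytes are constructed.

```python
import os
import struct
import sys

# Constants from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
REVISION_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # 32-bit words per set
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw"}  # the two relevant to sniffing


def decode_file_caps(raw: bytes) -> dict:
    """Decode a security.capability xattr into its permitted/inheritable sets."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    words = REVISION_WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None or len(raw) < 4 + 8 * words:
        raise ValueError("unknown revision or truncated xattr")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": permitted, "inheritable": inheritable}


def can_capture(raw: bytes) -> bool:
    """True if exec'ing the file puts CAP_NET_RAW (bit 13) in the effective set."""
    caps = decode_file_caps(raw)
    return caps["effective"] and bool(caps["permitted"] & (1 << 13))


def names(mask: int) -> list:
    """Names of the sniffing-related capabilities present in a bitmask."""
    return sorted(n for bit, n in CAP_NAMES.items() if mask & (1 << bit))


# Constructed sample: on-disk form of cap_net_raw,cap_net_admin+eip (revision 2).
SAMPLE = struct.pack("<IIIII", 0x02000001, 0x3000, 0x3000, 0, 0)

if __name__ == "__main__":
    try:  # with no argument, decode the constructed sample instead of a real file
        raw = os.getxattr(sys.argv[1], "security.capability") if sys.argv[1:] else SAMPLE
    except OSError:
        raw = None  # attribute absent: the binary has no file capabilities
    if raw is None:
        print("no file capabilities set")
    else:
        print(names(decode_file_caps(raw)["permitted"]), "capture ok:", can_capture(raw))
```

Run it with the path to a binary as the only argument. A binary that reports `capture ok: True` can open capture sockets for any user allowed to execute it, so its file permissions decide who can sniff traffic.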

