Network interface: you don’t have permission to capture on that device (socket: Operation not permitted)

Currently I’m writing a small project that views the local bandwidth. I installed the package and implemented the code that’s available on the pcap4j site just to try it out like so:

import org.pcap4j.core.*;
import org.pcap4j.core.PcapNetworkInterface.PromiscuousMode;
import org.pcap4j.packet.IpV4Packet;
import org.pcap4j.packet.Packet;

import java.io.EOFException;
import java.lang.*;
import java.net.*;
import java.util.concurrent.TimeoutException;

public class BandwidthViewer {
    public static void main(String[] args) throws UnknownHostException, PcapNativeException, EOFException, TimeoutException, NotOpenException {
        InetAddress addr = InetAddress.getByName("192.168.1.8");
        PcapNetworkInterface nif = Pcaps.getDevByAddress(addr);

        int snapLen = 65536;
        PromiscuousMode mode = PromiscuousMode.PROMISCUOUS;
        int timeout = 10;
        PcapHandle handle = nif.openLive(snapLen, mode, timeout);

        Packet packet = handle.getNextPacketEx();
        handle.close();

        IpV4Packet ipV4Packet = packet.get(IpV4Packet.class);
        Inet4Address srcAddr = ipV4Packet.getHeader().getSrcAddr();
        System.out.println(srcAddr);
    }
}

JavaScript
​x
 
import org.pcap4j.core.*;import org.pcap4j.core.PcapNetworkInterface.PromiscuousMode;import org.pcap4j.packet.IpV4Packet;import org.pcap4j.packet.Packet;​import java.io.EOFException;import java.lang.*;import java.net.*;import java.util.concurrent.TimeoutException;​public class BandwidthViewer {    public static void main(String[] args) throws UnknownHostException, PcapNativeException, EOFException, TimeoutException, NotOpenException {        InetAddress addr = InetAddress.getByName("192.168.1.8");        PcapNetworkInterface nif = Pcaps.getDevByAddress(addr);​        int snapLen = 65536;        PromiscuousMode mode = PromiscuousMode.PROMISCUOUS;        int timeout = 10;        PcapHandle handle = nif.openLive(snapLen, mode, timeout);​        Packet packet = handle.getNextPacketEx();        handle.close();​        IpV4Packet ipV4Packet = packet.get(IpV4Packet.class);        Inet4Address srcAddr = ipV4Packet.getHeader().getSrcAddr();        System.out.println(srcAddr);    }}​

Once run I get this error:

/usr/lib/jvm/java-11-openjdk/bin/java -javaagent:/usr/share/idea/lib/idea_rt.jar=46685:/usr/share/idea/bin -Dfile.encoding=UTF-8 -classpath /home/ivan/mdrive/Projects/IdeaProjects/BandwidthViewer/target/classes:/home/ivan/.m2/repository/org/pcap4j/pcap4j-core/2.0.0-alpha.6/pcap4j-core-2.0.0-alpha.6.jar:/home/ivan/.m2/repository/org/slf4j/slf4j-api/1.7.26/slf4j-api-1.7.26.jar:/home/ivan/.m2/repository/net/java/dev/jna/jna/5.3.1/jna-5.3.1.jar:/home/ivan/.m2/repository/org/pcap4j/pcap4j-packetfactory-static/2.0.0-alpha.6/pcap4j-packetfactory-static-2.0.0-alpha.6.jar BandwidthViewer
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Exception in thread "main" org.pcap4j.core.PcapNativeException: enp3s0: You don't have permission to capture on that device (socket: Operation not permitted)
    at org.pcap4j.core.PcapNetworkInterface.openLive(PcapNetworkInterface.java:238)
    at BandwidthViewer.main(BandwidthViewer.java:19)

Process finished with exit code 1

JavaScript
 
/usr/lib/jvm/java-11-openjdk/bin/java -javaagent:/usr/share/idea/lib/idea_rt.jar=46685:/usr/share/idea/bin -Dfile.encoding=UTF-8 -classpath /home/ivan/mdrive/Projects/IdeaProjects/BandwidthViewer/target/classes:/home/ivan/.m2/repository/org/pcap4j/pcap4j-core/2.0.0-alpha.6/pcap4j-core-2.0.0-alpha.6.jar:/home/ivan/.m2/repository/org/slf4j/slf4j-api/1.7.26/slf4j-api-1.7.26.jar:/home/ivan/.m2/repository/net/java/dev/jna/jna/5.3.1/jna-5.3.1.jar:/home/ivan/.m2/repository/org/pcap4j/pcap4j-packetfactory-static/2.0.0-alpha.6/pcap4j-packetfactory-static-2.0.0-alpha.6.jar BandwidthViewerSLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".SLF4J: Defaulting to no-operation (NOP) logger implementationSLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.Exception in thread "main" org.pcap4j.core.PcapNativeException: enp3s0: You don't have permission to capture on that device (socket: Operation not permitted)    at org.pcap4j.core.PcapNetworkInterface.openLive(PcapNetworkInterface.java:238)    at BandwidthViewer.main(BandwidthViewer.java:19)​Process finished with exit code 1​

It makes sense that I can sniff any packets since I’m running it as a non-root user. I tried to fix this by using a solution like this but ultimately it didn’t work. I know this should be possible, since programs like Wireshark also need you to log in as a root user in order to look at all the packets. Does anybody know what can fix this? Obviously I could run my IDE as root but that just seems unnecessary. I’m running this on Manjaro Linux.

Answer

I fixed it. After further investigation I figured out that the file I was trying to add permissions to was within my java-8-openjdk folder, but my project uses java-11-openjdk. So I set the permissions for the correct executable and it now works. Changing the permissions can be done by logging in as root in a terminal and executing: setcap cap_net_raw,cap_net_admin=eip /path/to/java

Advertisement

Answer