> Two other solutions to this are sudo and op.
On *SOME* OSes, another solution to this particular problem is to make
the device that libpcap opens readable and, if necessary, writable by
the user or users who should be allowed to use Ethereal.
This obviously doesn't work on OSes where libpcap doesn't open a device,
e.g. Linux and IRIX (in both of them, it opens a socket).
It does, however, work on the BSDs (make the "/dev/bpf*" devices
readable), and it works on *some* systems that use DLPI, although it
doesn't necessarily do all that you might want. (It doesn't appear to
work on HP-UX - I get
tcpdump: recv_ack: promisc_phys: Not owner
from tcpdump, for example, and get
tcpdump: recv_ack: promisc_sap: Not owner
if I run it with the "-p" flag, asking that it not run in promiscuous
mode; the "Not owner" in both of those messages suggest an explicit
check for root - that's EPERM, which is often used for "sorry, you're
not the super-user", even though on many UNIXes the text for it is "Not
owner".
It works on at least some verisons of Solaris, although on Solaris 7 it
appears not to let non-root users go into promiscuous mode.)
On Digital UNIX, you can use "pfconfig" to allow non-root users to put
the interface into promiscuous mode or copyall mode.
