1

Netbeans 11.2 running on Linux Mint 19.2 Cinnamon, Kernel 4.15.0-72-generic

I’ve moved a custom network packet sniffing project I developed some years ago over from Windows 7 to Linux. This uses jNetPcap to do the actual packet capture. JnetPcap is a wrapper for Libpcap.

Problem: When running my project in Netbeans I get the error “You don't have permission to capture on that device”.

Compiling the project to a .jar file which I then run as root, all is well. Thus demonstrating that the project code is OK and that the issue is confined to a lack of permissions.

The "native shared library" being used is libjnetcap.so

Essentially, I want to be able to run/debug this project in Netbeans 11.2

In an attempt to resolve this I’ve tried numerous things:

  1. On the assumption that it is libjnetcap.so that is accessing the network interface, I tried giving it elevated privileges using setuid, to no effect. I also tried giving it capabilities with sudo setcap cap_net_raw=p ./libjnetpcap.so, again to no effect.

  2. Tried setuid on /usr/bin/java. This time I could run the compiled projects .jar file without using sudo. However, Netbeans IDE would not load from the desktop icon. Running Netbeans from a terminal elicited an error message that the use of setuid was not permitted.

  3. I was unable to set capabilities on /usr/bin/java. The wrong type of file?

I found this on this forum:

In your case, pcap needs low-level access to the network interface. Due to the security implications (capturing network traffic, generating arbitrary network packets etc), such access is limited to privileged users only. On Linux, for example, pcap needs the CAP_NET_RAW capability to be available to the user.

This sounds like my problem, but where is pcap? All I seem to have is the libjnetcap.so library file.

I would be very grateful if some kind soul could give me any pointers etc.

underscore_d
  • 6,309
  • 3
  • 38
  • 64
JohnF
  • 29
  • 3

1 Answers1

1

Not sure if I've had no responses because my problem was really obscure, so few others have experienced it. Or perhaps I failed to describe it adequately. Anyway, I managed to solve it myself. I've described the solution below in-case anyone else should experience it. Need to find the java executable being used then change its capabilities. 1. To find the java executable being used. Enter the command. whereis java This gives the path to a symlink. Capabilities cannot be applied to symlinks, so follow this to its target. This is another symlink whose target is the executable. In my case this was: /usr/lib/jvm/java-8-openjdk-amd64/jre/bin 2. Change directory to this, i.e. cd /usr/lib/jvm/java-8-openjdk-amd64/jre/bin 3. Change its capabilities: sudo setcap cap_net_raw,cap_net_admin=eip java

This fixed the permissions problem when invoking my java application from a script. However, running it from within Netbeans still gave the permissions error. This is because Netbeans is not necessarily using the same version of Java as that used by a bash script. In my case Netbeans was using version 11, so added version 8 to the available platforms and then switched the project over to this.

JohnF
  • 29
  • 3