Greetings, Many people are using pound ( http://www.apsis.ch/pound/ ) to proxy traffic from port 443 to another port using the local interface. On Linux, I don't believe a regular user can open network devices for dumping. At least that is what my tests below show me. Does anyone know if its the kernel denying access or the library itself? Can you think of any other security concerns which would result from sending unencrypted traffic over a local port? Thanks! Brock [noland at a90 ~]$ cat pcap-open-default.c #include <stdio.h> #include <pcap.h> int main(int argc, char *argv[]) { char *dev, errbuf[PCAP_ERRBUF_SIZE]; dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); return(2); } printf("Device: %s\n", dev); return(0); } [noland at a90 ~]$ gcc -lpcap pcap-open-default.c [noland at a90 ~]$ ./a.out Couldn't find default device: no suitable device found [noland at a90 ~]$ sudo ./a.out Device: eth0 [noland at a90 ~]$ cat pcap-find-all.c #include <stdio.h> #include <pcap.h> int main(int argc, char *argv[]) { char errbuf[PCAP_ERRBUF_SIZE]; pcap_if_t *dev; pcap_findalldevs(&dev, errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find any devices: %s\n", errbuf); return(2); } while(dev != NULL) { printf("Device: %s\n", dev->name); dev = dev->next; } return(0); } [noland at a90 ~]$ gcc -lpcap pcap-find-all.c [noland at a90 ~]$ ./a.out Couldn't find any devices: socket: Operation not permitted [noland at a90 ~]$ sudo ./a.out Device: eth0 Device: any Device: lo