a guest
Jan 18th, 2018
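require 'ffi/pcap'

# Open a live capture on wlan0. On Linux this opens a PACKET socket, so the
# process needs CAP_NET_RAW (listed below) or must run as root.
pcap = FFI::PCap::Live.new(:dev => "wlan0", :timeout => 1)

# Print the raw bytes of every captured packet until interrupted.
pcap.loop() do |this, pkt|
  puts pkt.body
end
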
CAP_AUDIT_CONTROL (since Linux 2.6.11)
    Enable and disable kernel auditing; change auditing filter
    rules; retrieve auditing status and filtering rules.

CAP_AUDIT_READ (since Linux 3.16)
    Allow reading the audit log via a multicast netlink socket.

CAP_AUDIT_WRITE (since Linux 2.6.11)
    Write records to kernel auditing log.

CAP_BLOCK_SUSPEND (since Linux 3.5)
    Employ features that can block system suspend (epoll(7)
    EPOLLWAKEUP, /proc/sys/wake_lock).

CAP_CHOWN
    Make arbitrary changes to file UIDs and GIDs (see chown(2)).

CAP_DAC_OVERRIDE
    Bypass file read, write, and execute permission checks. (DAC
    is an abbreviation of "discretionary access control".)

CAP_DAC_READ_SEARCH
    * Bypass file read permission checks and directory read and
      execute permission checks;
    * invoke open_by_handle_at(2);
    * use the linkat(2) AT_EMPTY_PATH flag to create a link to a
      file referred to by a file descriptor.

CAP_FOWNER
    * Bypass permission checks on operations that normally require
      the filesystem UID of the process to match the UID of the
      file (e.g., chmod(2), utime(2)), excluding those operations
      covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH;
    * set inode flags (see ioctl_iflags(2)) on arbitrary files;
    * set Access Control Lists (ACLs) on arbitrary files;
    * ignore directory sticky bit on file deletion;
    * specify O_NOATIME for arbitrary files in open(2) and
      fcntl(2).

CAP_FSETID
    * Don't clear set-user-ID and set-group-ID mode bits when a
      file is modified;
    * set the set-group-ID bit for a file whose GID does not match
      the filesystem or any of the supplementary GIDs of the
      calling process.

CAP_IPC_LOCK
    Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).

CAP_IPC_OWNER
    Bypass permission checks for operations on System V IPC
    objects.

CAP_KILL
    Bypass permission checks for sending signals (see kill(2)).
    This includes use of the ioctl(2) KDSIGACCEPT operation.

CAP_LEASE (since Linux 2.4)
    Establish leases on arbitrary files (see fcntl(2)).

CAP_LINUX_IMMUTABLE
    Set the FS_APPEND_FL and FS_IMMUTABLE_FL inode flags (see
    ioctl_iflags(2)).

CAP_MAC_ADMIN (since Linux 2.6.25)
    Allow MAC configuration or state changes. Implemented for the
    Smack Linux Security Module (LSM).

CAP_MAC_OVERRIDE (since Linux 2.6.25)
    Override Mandatory Access Control (MAC). Implemented for the
    Smack LSM.

CAP_MKNOD (since Linux 2.4)
    Create special files using mknod(2).

CAP_NET_ADMIN
    Perform various network-related operations:
    * interface configuration;
    * administration of IP firewall, masquerading, and accounting;
    * modify routing tables;
    * bind to any address for transparent proxying;
    * set type-of-service (TOS);
    * clear driver statistics;
    * set promiscuous mode;
    * enable multicasting;
    * use setsockopt(2) to set the following socket options:
      SO_DEBUG, SO_MARK, SO_PRIORITY (for a priority outside the
      range 0 to 6), SO_RCVBUFFORCE, and SO_SNDBUFFORCE.

CAP_NET_BIND_SERVICE
    Bind a socket to Internet domain privileged ports (port
    numbers less than 1024).

CAP_NET_BROADCAST
    (Unused) Make socket broadcasts, and listen to multicasts.

CAP_NET_RAW
    * Use RAW and PACKET sockets;
    * bind to any address for transparent proxying.

CAP_SETGID
    * Make arbitrary manipulations of process GIDs and
      supplementary GID list;
    * forge GID when passing socket credentials via UNIX domain
      sockets;
    * write a group ID mapping in a user namespace (see
      user_namespaces(7)).

CAP_SETFCAP (since Linux 2.6.24)
    Set file capabilities.

CAP_SETPCAP
    If file capabilities are not supported: grant or remove any
    capability in the caller's permitted capability set to or from
    any other process. (This property of CAP_SETPCAP is not
    available when the kernel is configured to support file
    capabilities, since CAP_SETPCAP has entirely different
    semantics for such kernels.)

    If file capabilities are supported: add any capability from
    the calling thread's bounding set to its inheritable set; drop
    capabilities from the bounding set (via prctl(2)
    PR_CAPBSET_DROP); make changes to the securebits flags.

CAP_SETUID
    * Make arbitrary manipulations of process UIDs (setuid(2),
      setreuid(2), setresuid(2), setfsuid(2));
    * forge UID when passing socket credentials via UNIX domain
      sockets;
    * write a user ID mapping in a user namespace (see
      user_namespaces(7)).

CAP_SYS_ADMIN
    Note: this capability is overloaded; see Notes to kernel
    developers, below.

    * Perform a range of system administration operations
      including: quotactl(2), mount(2), umount(2), swapon(2),
      setdomainname(2);
    * perform privileged syslog(2) operations (since Linux 2.6.37,
      CAP_SYSLOG should be used to permit such operations);
    * perform VM86_REQUEST_IRQ vm86(2) command;
    * perform IPC_SET and IPC_RMID operations on arbitrary System
      V IPC objects;
    * override RLIMIT_NPROC resource limit;
    * perform operations on trusted and security Extended
      Attributes (see xattr(7));
    * use lookup_dcookie(2);
    * use ioprio_set(2) to assign IOPRIO_CLASS_RT and (before
      Linux 2.6.25) IOPRIO_CLASS_IDLE I/O scheduling classes;
    * forge PID when passing socket credentials via UNIX domain
      sockets;
    * exceed /proc/sys/fs/file-max, the system-wide limit on the
      number of open files, in system calls that open files (e.g.,
      accept(2), execve(2), open(2), pipe(2));
    * employ CLONE_* flags that create new namespaces with
      clone(2) and unshare(2) (but, since Linux 3.8, creating user
      namespaces does not require any capability);
    * call perf_event_open(2);
    * access privileged perf event information;
    * call setns(2) (requires CAP_SYS_ADMIN in the target
      namespace);
    * call fanotify_init(2);
    * call bpf(2);
    * perform privileged KEYCTL_CHOWN and KEYCTL_SETPERM keyctl(2)
      operations;
    * use ptrace(2) PTRACE_SECCOMP_GET_FILTER to dump a tracee's
      seccomp filters;
    * perform madvise(2) MADV_HWPOISON operation;
    * employ the TIOCSTI ioctl(2) to insert characters into the
      input queue of a terminal other than the caller's
      controlling terminal;
    * employ the obsolete nfsservctl(2) system call;
    * employ the obsolete bdflush(2) system call;
    * perform various privileged block-device ioctl(2) operations;
    * perform various privileged filesystem ioctl(2) operations;
    * perform privileged ioctl(2) operations on the /dev/random
      device (see random(4));
    * install a seccomp(2) filter without first having to set the
      no_new_privs thread attribute;
    * modify allow/deny rules for device control groups;
    * employ the ptrace(2) PTRACE_SECCOMP_GET_FILTER operation to
      dump tracee's seccomp filters;
    * employ the ptrace(2) PTRACE_SETOPTIONS operation to suspend
      the tracee's seccomp protections (i.e., the
      PTRACE_O_SUSPEND_SECCOMP flag);
    * perform administrative operations on many device drivers.

CAP_SYS_BOOT
    Use reboot(2) and kexec_load(2).

CAP_SYS_CHROOT
    Use chroot(2).

CAP_SYS_MODULE
    * Load and unload kernel modules (see init_module(2) and
      delete_module(2));
    * in kernels before 2.6.25: drop capabilities from the
      system-wide capability bounding set.

CAP_SYS_NICE
    * Raise process nice value (nice(2), setpriority(2)) and
      change the nice value for arbitrary processes;
    * set real-time scheduling policies for calling process, and
      set scheduling policies and priorities for arbitrary
      processes (sched_setscheduler(2), sched_setparam(2),
      sched_setattr(2));
    * set CPU affinity for arbitrary processes
      (sched_setaffinity(2));
    * set I/O scheduling class and priority for arbitrary
      processes (ioprio_set(2));
    * apply migrate_pages(2) to arbitrary processes and allow
      processes to be migrated to arbitrary nodes;
    * apply move_pages(2) to arbitrary processes;
    * use the MPOL_MF_MOVE_ALL flag with mbind(2) and
      move_pages(2).

CAP_SYS_PACCT
    Use acct(2).

CAP_SYS_PTRACE
    * Trace arbitrary processes using ptrace(2);
    * apply get_robust_list(2) to arbitrary processes;
    * transfer data to or from the memory of arbitrary processes
      using process_vm_writev(2);
    * inspect processes using kcmp(2).

CAP_SYS_RAWIO
    * Perform I/O port operations (iopl(2) and ioperm(2));
    * access /proc/kcore;
    * employ the FIBMAP ioctl(2) operation;
    * open devices for accessing x86 model-specific registers
      (MSRs, see msr(4));
    * update /proc/sys/vm/mmap_min_addr;
    * create memory mappings at addresses below the value
      specified by /proc/sys/vm/mmap_min_addr;
    * map files in /proc/bus/pci;
    * open /dev/mem and /dev/kmem;
    * perform various SCSI device commands;
    * perform certain operations on hpsa(4) and cciss(4) devices;
    * perform a range of device-specific operations on other
      devices.

CAP_SYS_RESOURCE
    * Use reserved space on ext2 filesystems;
    * make ioctl(2) calls controlling ext3 journaling;
    * override disk quota limits;
    * increase resource limits (see setrlimit(2));
    * override RLIMIT_NPROC resource limit;
    * override maximum number of consoles on console allocation;
    * override maximum number of keymaps;
    * allow more than 64hz interrupts from the real-time clock;
    * raise msg_qbytes limit for a System V message queue above
      the limit in /proc/sys/kernel/msgmnb (see msgop(2) and
      msgctl(2));
    * allow the RLIMIT_NOFILE resource limit on the number of
      "in-flight" file descriptors to be bypassed when passing file
      descriptors to another process via a UNIX domain socket (see
      unix(7));
    * override the /proc/sys/fs/pipe-max-size limit when setting
      the capacity of a pipe using the F_SETPIPE_SZ fcntl(2)
      command;
    * use F_SETPIPE_SZ to increase the capacity of a pipe above
      the limit specified by /proc/sys/fs/pipe-max-size;
    * override /proc/sys/fs/mqueue/queues_max limit when creating
      POSIX message queues (see mq_overview(7));
    * employ the prctl(2) PR_SET_MM operation;
    * set /proc/[pid]/oom_score_adj to a value lower than the
      value last set by a process with CAP_SYS_RESOURCE.

CAP_SYS_TIME
    Set system clock (settimeofday(2), stime(2), adjtimex(2)); set
    real-time (hardware) clock.

CAP_SYS_TTY_CONFIG
    Use vhangup(2); employ various privileged ioctl(2) operations
    on virtual terminals.

CAP_SYSLOG (since Linux 2.6.37)
    * Perform privileged syslog(2) operations. See syslog(2) for
      information on which operations require privilege.
    * View kernel addresses exposed via /proc and other interfaces
      when /proc/sys/kernel/kptr_restrict has the value 1. (See
      the discussion of the kptr_restrict in proc(5).)

CAP_WAKE_ALARM (since Linux 3.0)
    Trigger something that will wake up the system (set
    CLOCK_REALTIME_ALARM and CLOCK_BOOTTIME_ALARM timers).
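
Added example (not part of the original paste): a Ruby decoder for the capability masks in /proc/<pid>/status, used to check whether a process holds CAP_NET_RAW before it starts the live capture shown at the top. Bit positions come from <linux/capability.h>; the sample status text and the names decode_caps, parse_cap_sets and can_capture? are constructed for illustration.

```ruby
# Bit positions follow <linux/capability.h>; array index == bit number.
CAP_NAMES = %w[
  CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID
  CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE
  CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW
  CAP_IPC_LOCK CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT
  CAP_SYS_PTRACE CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE
  CAP_SYS_RESOURCE CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE
  CAP_AUDIT_WRITE CAP_AUDIT_CONTROL CAP_SETFCAP CAP_MAC_OVERRIDE
  CAP_MAC_ADMIN CAP_SYSLOG CAP_WAKE_ALARM CAP_BLOCK_SUSPEND CAP_AUDIT_READ
].freeze

# Turn one hex mask into capability names; bits this table does not know
# (capabilities added by newer kernels) are reported as "bit_N", not dropped.
def decode_caps(hex_mask)
  mask = Integer(hex_mask, 16)
  (0...mask.bit_length).select { |bit| mask[bit] == 1 }
                       .map { |bit| CAP_NAMES[bit] || "bit_#{bit}" }
end

# Parse the CapInh/CapPrm/CapEff/CapBnd/CapAmb lines of a status file.
def parse_cap_sets(status_text)
  status_text.scan(/^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$/)
             .to_h { |name, hex| [name, decode_caps(hex)] }
end

# Live capture opens a PACKET socket, so the effective set needs CAP_NET_RAW.
def can_capture?(status_text)
  parse_cap_sets(status_text).fetch("CapEff", []).include?("CAP_NET_RAW")
end

# Constructed sample: a process granted only CAP_NET_ADMIN and CAP_NET_RAW
# (bits 12 and 13 => 0x3000), with a bounding set holding exactly the 38
# capabilities listed above.
SAMPLE_STATUS = <<~STATUS
  Name:\tsniffer
  CapInh:\t0000000000000000
  CapPrm:\t0000000000003000
  CapEff:\t0000000000003000
  CapBnd:\t0000003fffffffff
  CapAmb:\t0000000000000000
STATUS

if __FILE__ == $PROGRAM_NAME
  text = File.readable?("/proc/self/status") ? File.read("/proc/self/status") : SAMPLE_STATUS
  puts "CapEff: #{parse_cap_sets(text)['CapEff'].inspect}"
  puts "live capture permitted: #{can_capture?(text)}"
end
```

A CapEff that decodes to far more than the one or two capabilities a tool needs (CAP_SYS_ADMIN in particular) is the thing to look for when reviewing a capture process or container.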