Re: tcpdump: file.pcap0: Permission denied

[Jerome Yanga <jerome.yanga () gmail com>]

Hi Mark,

Here are the answers to your questions:

The permissions on the /data directory is ...
# ls -alh /data/
total 4.1M
drwxr-xr-x   2 root root 4.0K Feb  3 15:21 .
dr-xr-xr-x. 23 root root 4.0K Feb  3 06:49 ..
-rw-r--r--   1 root root 4.0M Feb  3 07:29 502_capture-seed.txt

FYI, I am running the command as root.

The first command does not work even without the shell expansion date command.

I created the seed file using the following command.

dd if=/dev/zero of=/data/502_capture-seed.txt bs=$(( 1024 * 1024 )) count=4

All I am doing is trying to run tcpdump so that it will create another
file once it has reached 4MB (-C 4).  I also want it to be limited to
just 10 files(-W 10), to rotate to the next file every 5 minutes (-G
300), and to be compressed everytime it creates a new file (-z bzip2).

jerome

On Fri, Feb 3, 2012 at 12:15 PM, Mark W. Jeanmougin
<mark.jeanmougin () cchmc org> wrote:
> Hey Jerome,
>
>
> On 02/03/2012 01:53 PM, Jerome Yanga wrote:
> > When I attempt to run the following command...
> >
> > tcpdump -i eth0 -s 65535 -w /data/capture_rotate_`date +%Y_%m_%d`.pcap
> > -C 4 -W 10 -G 300 -z bzip2 -F /data/capture-seed.txt
> >
> > ...I get the following error.
> > tcpdump: /data/capture_rotate_2012_02_03.pcap0: Permission denied
>
>
> What are the permissions on the /data/ directory? Does the first command
> work without the shell expansion date command?
>
>
> > The seed file is just a 4MB file that I had created using dd.
> > -rw-r--r-- 1 root root 4.0M Feb  3 07:29 /data/502_capture-seed.txt
>
>
> It looks like the '-F' is for a tcpdump style filter. I'm not sure how you'd
> create that with dd...
>
> Good luck,
>
> MJ
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.