tcpdump mailing list archives

Re: tcpdump: file.pcap0: Permission denied


From: "Mark W. Jeanmougin" <mark.jeanmougin () cchmc org>
Date: Mon, 06 Feb 2012 08:54:01 -0500

On 02/03/2012 07:04 PM, Jerome Yanga wrote:
> The permissions on the /data directory are ...
> # ls -alh /data/
> total 4.1M
> drwxr-xr-x   2 root root 4.0K Feb  3 15:21 .
> dr-xr-xr-x. 23 root root 4.0K Feb  3 06:49 ..
> -rw-r--r--   1 root root 4.0M Feb  3 07:29 502_capture-seed.txt

Try running 'chmod a+w /data/'. When I've done this, tcpdump drops root permissions before it starts writing.

For example, on my Fedora boxes, all of my tcpdump captures are owned by tcpdump:tcpdump. So, you could also do something with that information.

In my environment, any box that's set up doing the kind of packet capturing you're talking about is locked down so that the only people with access to that box also have root access to read the output files. So, blowing the permissions wide open isn't a big deal.

> FYI, I am running the command as root.
>
> The first command does not work even without the shell expansion date command.
>
> I created the seed file using the following command.
>
> dd if=/dev/zero of=/data/502_capture-seed.txt bs=$(( 1024 * 1024 )) count=4
>
> All I am doing is trying to run tcpdump so that it will create another
> file once it has reached 4MB (-C 4).  I also want it to be limited to
> just 10 files (-W 10), to rotate to the next file every 5 minutes (-G
> 300), and to be compressed every time it creates a new file (-z bzip2).

I'd start with something simple and work my way up. Start with this:

tcpdump -i eth0 -s 0 -w /data/capture_rotate_1.pcap

Then, add your other parameters one by one (see when things break) until you get back to your original:

tcpdump -i eth0 -s 65535 -w /data/capture_rotate_`date +%Y_%m_%d`.pcap\
-C 4 -W 10 -G 300 -z bzip2 -F /data/capture-seed.txt

Hopefully, the permission change on the data directory will be all you need! My gut tells me that the "-F" option is going to throw you. I've never used it before, so I'm not sure...

Finally, depending on your hardware, take a look at the pbzip2 package. It is a parallel implementation of bzip2. It scales pretty linearly on multicore x86_64 CPUs. I've been very happy with it. It's also pretty easy to shoot yourself in the foot by overdoing the CPU utilization.

MJ

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
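The security-relevant point in the reply above is that tcpdump drops root (to tcpdump:tcpdump on Fedora) before it opens its output files, so the output directory has to be writable by that unprivileged account; `chmod a+w` achieves that but is broader than needed, since group write for the capture group is enough. The following pre-flight check is an added example, not code from the thread or from the tcpdump project: it emulates the classic mode-bit check the kernel makes for a given uid/gid against a real directory and flags directories that were left world-writable. The capture uid 60001 and all function names are constructed for the example.

```python
"""Pre-flight check for a tcpdump output directory.

Added example (not from the thread or the tcpdump project). Before starting
a capture, verify that the unprivileged account tcpdump switches to could
create files in the output directory, and flag directories left
world-writable by 'chmod a+w'.
"""
import os
import stat
import tempfile

# Constructed uid for the unprivileged capture account (tcpdump:tcpdump on
# Fedora); a real deployment would look it up with pwd.getpwnam().
CAPTURE_UID = 60001


def dir_writable_by(st, uid, gid, groups=()):
    """Return True if a process running as uid/gid (plus supplementary
    groups) could create a file in the directory described by st.

    Creating an entry needs both write and search (execute) permission on
    the directory. Only the classic mode bits are modelled: no ACLs,
    SELinux labels or read-only mounts. uid 0 is always allowed.
    """
    if uid == 0:
        return True
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid == gid or st.st_gid in groups:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need


def world_writable(st):
    """True when 'other' has write permission (what chmod a+w grants)."""
    return bool(st.st_mode & stat.S_IWOTH)


def check_capture_dir(path, uid, gid, groups=()):
    """Return (ok, message) for an output directory and a capture account."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False, f"{path} is not a directory"
    if not dir_writable_by(st, uid, gid, groups):
        return False, (f"{path} not writable by uid {uid}: give the capture "
                       "account or its group write+search access")
    if world_writable(st) and not st.st_mode & stat.S_ISVTX:
        return True, (f"{path} is world-writable without the sticky bit; "
                      "group write for the capture group is enough")
    return True, f"{path} ok"


def demo():
    """Walk a throw-away directory through three modes and report, for the
    constructed capture account, (writable, world_writable). The account's
    gid is taken from the directory itself, so 0770 models 'owned by the
    capture group and group-writable'."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        gid = os.stat(d).st_gid
        for mode in (0o755, 0o770, 0o777):
            os.chmod(d, mode)
            st = os.stat(d)
            results[mode] = (dir_writable_by(st, CAPTURE_UID, gid),
                             world_writable(st))
    return results


if __name__ == "__main__":
    for mode, (writable, world) in demo().items():
        print(f"{mode:o}: writable={writable} world_writable={world}")
```

Run it before launching a long rotating capture; the 0770 row is the configuration to aim for (directory owned by root:tcpdump or tcpdump:tcpdump, mode 0750 or 0770), and the 0777 row is what `chmod a+w` leaves behind.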

