Results 1 to 9 of 9

Thread: tcpdump permission denied

  1. #1
    Join Date
    Jan 2010
    Beans
    20

    tcpdump permission denied

    when i type this command : "tcpdump -r 12072006.tcpdump.log"

    this output appear : "tcpdump: 12072006.tcpdump.log: Permission denied"

    i access the 12072006.tcpdump.log file from another hard disk which installed with windows os.

    please help..

  2. #2
    Join Date
    Dec 2005
    Beans
    52

    Re: tcpdump permission denied

    I think you need to have root privileges ...

    so: sudo tcpdump ...

    ++

  3. #3
    Join Date
    Jan 2010
    Beans
    20

    Re: tcpdump permission denied

    i'm in root user, but still got the permission denied.
    please help


  4. #4
    Join Date
    Nov 2009
    Beans
    2

    Re: tcpdump permission denied

    Do you have a solution for this ? Can you please post the solution ?
    I have exactly the same problem, doing "sudo tcpdump -r fileName" gives me "Permission denied" error, the file is in an external harddisk.

    Thanks.

  5. #5
    Join Date
    May 2005
    Beans
    4
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: tcpdump permission denied

    I happened to find a fix here:

    http://thecomputergroup.net/how-to-f...ntu-904-server

    I'm not sure about the security risks of doing this however.

  6. #6
    Join Date
    Feb 2007
    Location
    San Francisco, CA
    Beans
    2
    Distro
    Xubuntu 10.10 Maverick Meerkat

    Re: tcpdump permission denied

    This is probably caused by AppArmor. You need to switch from 'enforcement' mode to 'complain' mode on 'tcpdump'. Run the following command as root:

    Code:
    aa-complain /usr/sbin/tcpdump

    You can check by running the following command as root:

    Code:
    grep tcpdump /sys/kernel/security/apparmor/profiles

    You should see (enforce) or (complain). You want it to say (complain).
    Last edited by noahspurrier; November 3rd, 2010 at 01:20 AM. Reason: Added more info on how to check AppArmor mode on a command.

  7. #7
    Join Date
    Feb 2007
    Beans
    185

    Re: tcpdump permission denied

    show the output of:
    ls -l 12072006.tcpdump.log

  8. #8
    Join Date
    Jun 2009
    Beans
    25

    Re: tcpdump permission denied

    el_fiqs,

    Was this problem solved for you? I too am experiencing this problem as root user.

    Code:
    tcpdump -i eth0 -Xnnvv -w tcpdump.file port 53
    produces:

    tcpdump: tcpdump.file: Permission denied

    I'm in /etc when it fails.

    the command works in /root though.

    I'm sure noahspurrier is right, it's probably an apparmor issue.

    But did you solve it, and what did you do to solve it?

  9. #9
    Join Date
    Jan 2008
    Beans
    16

    Re: tcpdump permission denied

    noahspurrier is correct, "aa-complain /usr/sbin/tcpdump" definitely fixed the issue for me, thanks.

    You still ened root priviledges though, but this command is useful if you need to write pcaps to a folder which is not owned by root e.g. when it needs to be accessible to other users and groups.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •