Home » Linux » tcpdump: permission denied running as root

tcpdump: permission denied running as root

April 28, 2018 daniel 0 Linux,

Running tcpdump with (-w) option in order to write the raw packets to a file fails with “tcpdump: packets: Permission denied” error, even if the command was run by root –

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04 LTS
Release: 14.04
Codename: trusty
# tcpdump -i eth0 -nn -l -s 2000 'port 8000' -w packets
tcpdump: packets: Permission denied

User, in this case root, can create and delete files in this directory –


root@vm:/opt# pwd
/opt
root@vm:/opt# id
uid=0(root) gid=0(root) groups=0(root)
root@vm:/opt# touch myfile
root@vm:/opt# rm myfile

Succeeds in /tmp and /root (home directory of root user ) –


root@newsvm1010:/opt# cd /tmp/
root@newsvm1010:/tmp# tcpdump -i eth0 -nn -l -s 2000 'port 8000' -w packets
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 2000 bytes

Easy fix resolution – make sure to run it under /tmp or /root.

Root cause and permanent fix

The underlying cause was AppArmor, it was set in “enforce” mode and changing it to “complain” mode for tcpdump resolved the issue.

Before fix –


grep tcp /sys/kernel/security/apparmor/profiles

After fix –


# apt-get install apparmor-utils

# aa-complain /usr/sbin/tcpdump
Setting /usr/sbin/tcpdump to complain mode.

# grep tcp /sys/kernel/security/apparmor/profiles
/usr/sbin/tcpdump (complain)

# cd /opt/
root@vm:/opt# tcpdump -i eth0 -nn -l -s 2000 'port 8000' -w packets
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 2000 bytes

Tags: permission error, tcpdump

About The Author

daniel

Leave a Reply Cancel reply

April 18, 2024 April 18, 2024
Artifact Registry Feature The immutable tags setting is generally available for Docker repositories. When tags are immutable, you can't change the image digest that a tag references in the repository. You can configure this setting when you create a repository or change the setting on an existing repository. Generative AI on Vertex AI Feature Meta's […]
April 17, 2024 April 17, 2024
Apigee hybrid Announcement hybrid v1.12.0 On April 17, 2024 we released an updated version of the Apigee hybrid software, v1.12.0. For information on upgrading, see Upgrading Apigee hybrid to version v1.12.0. For information on new installations, see The big picture. Feature A new suite of metrics for monitoring Apigee proxies and target endpoints is now […]
April 16, 2024 April 16, 2024
BigQuery Feature BigQuery now supports subqueries in row level access policies. This feature is now in public preview. Bigtable Changed Client-side metrics are enabled by default in the Bigtable client library for Java versions 2.38.0 and later. Cloud Load Balancing Feature Internal passthrough Network Load Balancer now supports load-balancing for TCP, UDP, ICMP, ICMPv6, SCTP, […]
April 15, 2024 April 15, 2024
Apigee X Announcement On April 15, 2024, we released an updated version of Apigee (1-12-0-apigee-4). Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to be completed across all Google Cloud zones. Your instances may not have the features and fixes available […]
April 12, 2024 April 12, 2024
AlloyDB for PostgreSQL Fixed AlloyDB Omni version 15.5.2 is now available. This version fixes the issue causing AlloyDB Omni running in Kubernetes to run out of memory and crash under some heavy workloads. To apply this fix to a database cluster running in Kubernetes, update its DBCluster manifest definition so that its databaseVersion value is […]

Ads

Gads

tcpdump: permission denied running as root

About The Author

daniel

Leave a Reply Cancel reply

Gads

Related posts

About The Author

daniel

Leave a Reply Cancel reply