tcpdump -i eth1 host blah -C 1 -W 10 -w ./testing should create testing0 - testin9 files acording to manpage. But any combination of -C and -W options and paths DOES NOT WORK. It create onyly a SINGLE FILE , nothing more .In conjiunction with -z flag as mentioned in the manpage error is thrown: "compress_savefile:execlp(bzip2, ./testing0): No such file or directory" even if the file actually IS in the path.
Steps to Reproduce:
1. tcpdump -i eth1 host blah -C 1 -W 10 -w ./testing
2. watch actual path - only ONE file is created.
3. pull your hairs off if you need to capture bigger amounth of data to solve actual network problem :-/
testing0 testing1 testing2 etc in actual path. This is EXPECTET RESULT acording a MAN PAGE of tcpdump and acording a several online mentions and turotrials googlewide.
Confirmed, sort of. It looks like tcpdump drops privileges after it creates the first file, to tcpdump:tcpdump, even though the first file is created as root:root.
gantu tcpdump $ sudo su
gantu tcpdump # tcpdump -i eth0 -s 0 -C 1 -W 10 -w testing
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
tcpdump: testing1: Permission denied
However, if I chown the directory to tcpdump:tcpdump and chmod it to 775,
gantu tcpdump $ ls
-rw-r--r-- 1 root root 977K 2011-07-16 10:15 testing0
-rw-r--r-- 1 tcpdump tcpdump 977K 2011-07-16 10:15 testing1
An alternative is to pass "-Z root" to tcpdump when running as root; this forces it to "drop" privileges to root every time it rotates the dump file.
*** This bug has been marked as a duplicate of bug 358329 ***
I don't think this is the same as bug 334329 because I compiled with USE="-chroot". The bug in this case is actually that the dump works at all; the first file should be created as the 'tcpdump' user, so if the command is run in a root-owned directory, it shouldn't work at all.
Privileges are then dropped for dumps 2 through N, and the writes are correctly denied unless I change to a tcpdump-writeable directory.
*** This bug has been marked as a duplicate of bug 334329 ***