tcpdump -i eth1 host blah -C 1 -W 10 -w ./testing should create testing0 - testin9 files acording to manpage. But any combination of -C and -W options and paths DOES NOT WORK. It create onyly a SINGLE FILE , nothing more .In conjiunction with -z flag as mentioned in the manpage error is thrown: "compress_savefile:execlp(bzip2, ./testing0): No such file or directory" even if the file actually IS in the path. Reproducible: Always Steps to Reproduce: 1. tcpdump -i eth1 host blah -C 1 -W 10 -w ./testing 2. watch actual path - only ONE file is created. 3. pull your hairs off if you need to capture bigger amounth of data to solve actual network problem :-/ Expected Results: testing0 testing1 testing2 etc in actual path. This is EXPECTET RESULT acording a MAN PAGE of tcpdump and acording a several online mentions and turotrials googlewide.
Confirmed, sort of. It looks like tcpdump drops privileges after it creates the first file, to tcpdump:tcpdump, even though the first file is created as root:root. gantu tcpdump $ sudo su Password: gantu tcpdump # tcpdump -i eth0 -s 0 -C 1 -W 10 -w testing tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes tcpdump: testing1: Permission denied However, if I chown the directory to tcpdump:tcpdump and chmod it to 775, gantu tcpdump $ ls total 4.1M -rw-r--r-- 1 root root 977K 2011-07-16 10:15 testing0 -rw-r--r-- 1 tcpdump tcpdump 977K 2011-07-16 10:15 testing1 it works. An alternative is to pass "-Z root" to tcpdump when running as root; this forces it to "drop" privileges to root every time it rotates the dump file.
*** This bug has been marked as a duplicate of bug 358329 ***
I don't think this is the same as bug 334329 because I compiled with USE="-chroot". The bug in this case is actually that the dump works at all; the first file should be created as the 'tcpdump' user, so if the command is run in a root-owned directory, it shouldn't work at all. Privileges are then dropped for dumps 2 through N, and the writes are correctly denied unless I change to a tcpdump-writeable directory.
*** This bug has been marked as a duplicate of bug 334329 ***