LinuxQuestions.org
Old 11-29-2006, 06:51 PM   #1
g_mf_spot
LQ Newbie
 
Registered: Nov 2006
Posts: 8

Rep: Reputation: 0
tcpdump error


When I try to append my dump to a tracefile:

tcpdump -i eth0 -W port 8080 MyTraceFile

I get:

permission denied...

I am root when using this command.

tcpdump -i eth0 -w mytracefile

I have tried different methods with the same results.

This is my first post... Hello everyone.

Regards
 
Old 11-29-2006, 08:30 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
It works fine for me. Are you sure you're not on a read-only file system, like a LiveCD or something like that? The file system needs to be mounted rw in order to save a file to it.
 
Old 11-30-2006, 07:45 PM   #3
g_mf_spot
LQ Newbie
 
Registered: Nov 2006
Posts: 8

Original Poster
Rep: Reputation: 0
I am using Fedora Core 4 and I am logged in as root. I even changed the settings:

chmod 777 filename. I am not sure where to go from here.

Thank you for the response.

Regards
 
Old 11-30-2006, 07:56 PM   #4
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
I tried to copy-paste your command and get a syntax error (command modified to reflect that my active network device is eth1):
Code:
tcpdump -i eth1 -W port 8080 MyTraceFile
tcpdump: syntax error
...which was corrected by quoting the last three arguments (back to your network interface for this one, so you can copy-paste if you wish):
Code:
tcpdump -i eth0 -W "port 8080 MyTraceFile"
I'm not sure this will do what you want though. No dumping to file here.

Assuming that's not the issue you're having, there is still scope for permissions problems: If the filesystem to which you are trying to write is mounted read-only, not even root can write to it. You can find out by entering this command in the directory which you are trying to write to:
Code:
mount |fgrep $(df . |cut -d" " -f1 |tail -n 1)
Paste the output of that command here.

Last edited by matthewg42; 11-30-2006 at 07:59 PM. Reason: because I messed up the post before :D
 
Old 11-30-2006, 08:00 PM   #5
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
Aha, is this what you wanted to do:
Code:
tcpdump -i eth0 -W "port 8080" > MyTraceFile
 
Old 11-30-2006, 08:08 PM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Code:
# tcpdump -i eth0 -w mytracefile
Is what I did and it works fine.

The question about how the file system is mounted still hasn't been answered, though. What directory are you in when you execute the above command? What is the output of
Code:
# mount
?
 
Old 12-01-2006, 01:57 PM   #7
g_mf_spot
LQ Newbie
 
Registered: Nov 2006
Posts: 8

Original Poster
Rep: Reputation: 0
I am not mounting any file system guys. I am just logging on as root and in the home directory I am just using the commands.

I can use the append command which works fine. If I want to save a whois for later research:

whois xxx.xxx.xxx.xxx > myfile

I see you used the command:

tcpdump -i eth0 -W port 8080 > myfile

I have tried the append sign and when I do I do not get an error however no data is recorded.

When I try just

tcpdump -i eth0 -W port 8080 myfile

I get permission denied.

I am sure that it is some sort of mount issue but not sure what to mount....

I am sorry that I am a bit confused. What do I mount to? I am not using any mountable media like a disk or anything. The file I would like to trace to resides on the file system, like the root directory /home...
 
Old 12-01-2006, 03:19 PM   #8
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
Please do these commands from the directory in which you are trying to run tcpdump and paste the output:
Code:
pwd
ls -ld .
cat /etc/mtab |fgrep $(df . |cut -d" " -f1 |tail -n 1)
lsmod
ls -l `which tcpdump`
id
 
Old 12-01-2006, 03:48 PM   #9
g_mf_spot
LQ Newbie
 
Registered: Nov 2006
Posts: 8

Original Poster
Rep: Reputation: 0
[root@TOOL ~]# pwd
/root
[root@TOOL ~]# ls -ld
drwxr-x--- 21 root root 4096 Dec 1 15:28 .
[root@TOOL ~]# cat /etc/mtab |fgrep $(df . |cut -d " " -f1 |tail -n 1)
Usage: fgrep [OPTION]... PATTERN [FILE]...
Try `fgrep --help' for more information.
[root@TOOL ~]# cat /etc/mtab |fgrep $(df . |cut -d " " -f1 |tail -n 1) lsmod
[root@TOOL ~]# ls -l dump
-rw-r--r-- 1 root root 0 Dec 1 15:28 dump
[root@TOOL ~]#


What did the long command you had me type in do? No error or anything but it must have done something... I really hope you are a nice guy... lol.

As you can see the dump file has rw for root. Let me show you what happens ---

[root@TOOL ~]# tcpdump -i eth0 -w port 8080 dump
tcpdump: syntax error
[root@TOOL ~]# tcpdump -i eth0 port 8080 -w dump
tcpdump: dump: Permission denied
[root@TOOL ~]#
[root@TOOL ~]# ls -l dump
-rw-r--r-- 1 root root 0 Dec 1 15:28 dump
[root@TOOL ~]#
[root@TOOL ~]# chmod 755 dump
[root@TOOL ~]# ls -ld dump
-rwxr-xr-x 1 root root 0 Dec 1 15:28 dump
[root@TOOL ~]# tcpdump -i eth0 port 8080 -w dump
tcpdump: dump: Permission denied
[root@TOOL ~]#
[root@TOOL ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
74275968 21225344 49216768 31% /
/dev/hda1 101086 11786 84081 13% /boot
/dev/shm 322660 0 322660 0% /dev/shm
[root@TOOL ~]#


Thank you for the time. Again let me know what that command did please. Thanks.
 
Old 12-01-2006, 03:51 PM   #10
g_mf_spot
LQ Newbie
 
Registered: Nov 2006
Posts: 8

Original Poster
Rep: Reputation: 0
Hey just so you know when I type this:


[root@TOOL ~]# tcpdump -i eth0 -w port 8080 dump
tcpdump: syntax error
[root@TOOL ~]# tcpdump -i eth0 port 8080 -W dump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

it is listening but no data ever comes through... Is this the correct command?

Regards
 
Old 12-01-2006, 04:07 PM   #11
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
The command which failed (cat /etc/mtab |...) is probably the crucial one. OK, let's do it manually. Please paste the results of these commands:
Code:
cat /etc/mtab
df .
 
Old 12-01-2006, 04:35 PM   #12
g_mf_spot
LQ Newbie
 
Registered: Nov 2006
Posts: 8

Original Poster
Rep: Reputation: 0
[root@TOOL ~]# cat /etc/mtab
/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/proc /proc proc rw 0 0
/dev/sys /sys sysfs rw 0 0
/dev/devpts /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/hda1 /boot ext3 rw 0 0
/dev/shm /dev/shm tmpfs rw 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0
automount(pid2642) /misc autofs rw,fd=4,pgrp=2642,minproto=2,maxproto=4 0 0
automount(pid2683) /net autofs rw,fd=4,pgrp=2683,minproto=2,maxproto=4 0 0
[root@TOOL ~]#


I noticed that when I type:

tcpdump port 8080 -W dump

This begins to listen and when something begins to show up in the terminal I control C and less the dump file however nothing is in it. So I guess for some reason the way I type it which seems to be the best way, I get a permission denied. And the way I type it as above it half works. hmmmmm.
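
The mount check from post #8 printed only the fgrep usage message in post #9 because df wraps a long LVM device name onto its own line, so the pipeline produced an empty pattern. The following is an added example, not part of the thread or written by any poster; the function names are hypothetical and the sample data is constructed from the output pasted above. It shows the failure and a read-only check that parses the same data reliably:

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Sample data is constructed from the
# output the original poster pasted.

# df output for /root: the long LVM device name pushes the numbers onto a
# second, space-indented line.
SAMPLE_DF='Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      74275968  21225344  49216768  31% /'

# First lines of the pasted /etc/mtab.
SAMPLE_MTAB='/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/hda1 /boot ext3 rw 0 0
/dev/shm /dev/shm tmpfs rw 0 0'

# The thread's extraction: the last line starts with a space, so field 1 is
# empty and fgrep is left without a pattern.
device_naive() { printf '%s\n' "$1" | cut -d" " -f1 | tail -n 1; }

# Take the first field of the first line after the header instead.
# On a live system, `df -P .` (POSIX format) avoids the wrap altogether.
device_robust() { printf '%s\n' "$1" | awk 'NR == 2 { print $1; exit }'; }

# mount_opts DEVICE MTAB_TEXT: print the options column of the entry whose
# device field equals DEVICE exactly; fail if there is no such entry.
mount_opts() {
    printf '%s\n' "$2" | awk -v dev="$1" '
        $1 == dev { print $4; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# is_read_only OPTS: succeed only when "ro" is a whole option, so that
# "errors=remount-ro" on a writable mount does not count.
is_read_only() {
    case ",$1," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Check the current directory on a live system.
report_cwd() {
    dev=$(device_robust "$(df -P .)")
    opts=$(mount_opts "$dev" "$(cat /etc/mtab)") || { echo "no mtab entry for $dev"; return 1; }
    if is_read_only "$opts"; then echo "$dev is read-only ($opts)"; else echo "$dev is writable ($opts)"; fi
}

if [ "${1:-}" = "--live" ]; then report_cwd; fi
```

Run with `--live` from the directory tcpdump is started in to check that directory's filesystem.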
 
Old 12-01-2006, 04:52 PM   #13
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Try reordering the arguments:
Code:
# tcpdump -i eth0 -w dump port 8080
I guess Fedora uses some crazy, custom build of tcpdump because on SuSE there is no -W option--it fails with a syntax error.

If all else fails, you can always do:
Code:
# tcpdump -i eth0 -l port 8080 | tee dump
Of course, you won't be able to read that later with tcpdump since it's the printed output rather than the binary packet data, but if you just want to view that data later by hand, it works fine.
 
  

