11-29-2006, 05:51 PM
|
#1
|
|
LQ Newbie
Registered: Nov 2006
Posts: 8
Rep:
|
tcpdump error
When I try to append my dump to a tracefile:
tcpdump -i eth0 -W port 8080 MyTraceFile
I get:
permission denied...
I am root when using this command.
tcpdump -i eth0 -w mytracefile
I have tried different methods with the same results.
This is my first post... Hello everyone.
Regards
|
|
|
|
11-29-2006, 07:30 PM
|
#2
|
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
It works fine for me. Are you sure you're not on a read-only file system, like a LiveCD or something like that? The file system needs to be mounted rw in order to save a file to it.
|
|
|
|
11-30-2006, 06:45 PM
|
#3
|
|
LQ Newbie
Registered: Nov 2006
Posts: 8
Original Poster
Rep:
|
I am using Fedora Core 4 and I am logged in as root. I even changed the settings:
chmod 777 filename. I am not sure where to go from here.
Thank you for the response.
Regards
|
|
|
|
11-30-2006, 06:56 PM
|
#4
|
|
Senior Member
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530
Rep:
|
I tried to copy-paste your command and get a syntax error (command modified to reflect that my active network device is eth1):
Code:
tcpdump -i eth1 -W port 8080 MyTraceFile
tcpdump: syntax error
...which was corrected by quoting the last three arguments (back to your network interface for this one, so you can copy-paste if you wish):
Code:
tcpdump -i eth0 -W "port 8080 MyTraceFile"
I'm not sure this will do what you want though. No dumping to file here.
Assuming that's not the issue you're having, there is still scope for permissions problems: If the filesystem to which you are trying to write is mounted read-only, not even root can write to it. You can find out by entering this command in the directory which you are trying to write to:
Code:
mount |fgrep $(df . |cut -d" " -f1 |tail -n 1)
Paste the output of that command here.
Last edited by matthewg42; 11-30-2006 at 06:59 PM.
Reason: because I messed up the post before :D
|
|
|
|
11-30-2006, 07:00 PM
|
#5
|
|
Senior Member
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530
Rep:
|
Aha, is this what you wanted to do:
Code:
tcpdump -i eth0 -W "port 8080" > MyTraceFile

|
|
|
|
11-30-2006, 07:08 PM
|
#6
|
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Code:
# tcpdump -i eth0 -w mytracefile
Is what I did and it works fine.
The question about how the file system is mounted still hasn't been answered, though. What directory are you in when you execute the above command? What is the output of ?
|
|
|
|
12-01-2006, 12:57 PM
|
#7
|
|
LQ Newbie
Registered: Nov 2006
Posts: 8
Original Poster
Rep:
|
I am not mounting any file system guys. I am just logging on as root and in the home directory I am just using the commands.
I can use the append command which works fine. If I want to save a whois for later research:
whois xxx.xxx.xxx.xxx > myfile
I see you used the command:
tcpdump -i eth0 -W port 8080 > myfile
I have tried the append sign, and when I do I do not get an error; however, no data is recorded.
When I try just
tcpdump -i eth0 -W port 8080 myfile
I get permission denied.
I am sure that it is some sort of mount issue but not sure what to mount....
I am sorry that I am a bit confused. What do I mount to? I am not using any mountable media like a disk or anything. The file I would like to trace to resides on the file system, like the root directory /home...
|
|
|
|
12-01-2006, 02:19 PM
|
#8
|
|
Senior Member
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530
Rep:
|
Please do these commands from the directory in which you are trying to run tcpdump and paste the output:
Code:
pwd
ls -ld .
cat /etc/mtab |fgrep $(df . |cut -d" " -f1 |tail -n 1)
lsmod
ls -l `which tcpdump`
id
|
|
|
|
12-01-2006, 02:48 PM
|
#9
|
|
LQ Newbie
Registered: Nov 2006
Posts: 8
Original Poster
Rep:
|
[root@TOOL ~]# pwd
/root
[root@TOOL ~]# ls -ld
drwxr-x--- 21 root root 4096 Dec 1 15:28 .
[root@TOOL ~]# cat /etc/mtab |fgrep $(df . |cut -d " " -f1 |tail -n 1)
Usage: fgrep [OPTION]... PATTERN [FILE]...
Try `fgrep --help' for more information.
[root@TOOL ~]# cat /etc/mtab |fgrep $(df . |cut -d " " -f1 |tail -n 1) lsmod
[root@TOOL ~]# ls -l dump
-rw-r--r-- 1 root root 0 Dec 1 15:28 dump
[root@TOOL ~]#
What did the long command you had me type in do? No error or anything but it must have done
something... I really hope you are a nice guy... lol.
As you can see, the dump file has rw for root. Let me show you what happens ---
[root@TOOL ~]# tcpdump -i eth0 -w port 8080 dump
tcpdump: syntax error
[root@TOOL ~]# tcpdump -i eth0 port 8080 -w dump
tcpdump: dump: Permission denied
[root@TOOL ~]#
[root@TOOL ~]# ls -l dump
-rw-r--r-- 1 root root 0 Dec 1 15:28 dump
[root@TOOL ~]#
[root@TOOL ~]# chmod 755 dump
[root@TOOL ~]# ls -ld dump
-rwxr-xr-x 1 root root 0 Dec 1 15:28 dump
[root@TOOL ~]# tcpdump -i eth0 port 8080 -w dump
tcpdump: dump: Permission denied
[root@TOOL ~]#
[root@TOOL ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
74275968 21225344 49216768 31% /
/dev/hda1 101086 11786 84081 13% /boot
/dev/shm 322660 0 322660 0% /dev/shm
[root@TOOL ~]#
Thank you for the time. Again let me know what that command did please. Thanks.
|
|
|
|
12-01-2006, 02:51 PM
|
#10
|
|
LQ Newbie
Registered: Nov 2006
Posts: 8
Original Poster
Rep:
|
Hey just so you know when I type this:
[root@TOOL ~]# tcpdump -i eth0 -w port 8080 dump
tcpdump: syntax error
[root@TOOL ~]# tcpdump -i eth0 port 8080 -W dump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
it is listening but no data ever comes through... Is this the correct command?
Regards
|
|
|
|
12-01-2006, 03:07 PM
|
#11
|
|
Senior Member
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530
Rep:
|
The command which failed (cat /etc/mtab |...) is probably the crucial one. OK, let's do it manually. Please paste the results of these commands:
|
|
|
|
12-01-2006, 03:35 PM
|
#12
|
|
LQ Newbie
Registered: Nov 2006
Posts: 8
Original Poster
Rep:
|
[root@TOOL ~]# cat /etc/mtab
/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/proc /proc proc rw 0 0
/dev/sys /sys sysfs rw 0 0
/dev/devpts /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/hda1 /boot ext3 rw 0 0
/dev/shm /dev/shm tmpfs rw 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0
automount(pid2642) /misc autofs rw,fd=4,pgrp=2642,minproto=2,maxproto=4 0 0
automount(pid2683) /net autofs rw,fd=4,pgrp=2683,minproto=2,maxproto=4 0 0
[root@TOOL ~]#
I noticed that when I type:
tcpdump port 8080 -W dump
This begins to listen, and when something begins to show up in the terminal I control C and less the dump file; however, nothing is in it. So I guess for some reason the way I type it, which seems to be the best way, I get a permission denied. And the way I type it as above it half works. hmmmmm.
|
|
|
|
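The one-liner from posts #4 and #8 printed the fgrep usage message in post #9 because `df` wrapped the long LVM device name onto its own line, so the extracted field was empty. The following is an added example, not code from the thread, of the same read-only mount check built on `df -P`; the sample `df` output and the `/media/cdrom` entry are constructed, and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: default `df .` output shaped like post #9, where the long
# LVM device name pushes the numbers onto a second, space-indented line.
sample_df_wrapped() {
    printf '%s\n' 'Filesystem           1K-blocks      Used Available Use% Mounted on' \
        '/dev/mapper/VolGroup00-LogVol00' \
        '                      74275968  21225344  49216768  31% /'
}

# Constructed sample: the same filesystem in `df -P` (POSIX) format, one line each.
sample_df_posix() {
    printf '%s\n' 'Filesystem 1024-blocks Used Available Capacity Mounted on' \
        '/dev/mapper/VolGroup00-LogVol00 74275968 21225344 49216768 31% /'
}

# Two mtab lines from post #12 plus one constructed read-only entry for contrast.
sample_mtab() {
    printf '%s\n' '/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0' \
        '/dev/hda1 /boot ext3 rw 0 0' \
        '/dev/hdc /media/cdrom iso9660 ro,nosuid 0 0'
}

# The thread's extraction step. On wrapped output the last line starts with a
# space, so field 1 is empty and fgrep is left without a pattern.
naive_device() { cut -d" " -f1 | tail -n 1; }

# Mount point from `df -P` output on stdin (last column of the data line;
# assumes the mount point contains no spaces).
mount_point_of() { awk 'NR == 2 { print $NF }'; }

# Options for mount point $1 from mtab-format lines on stdin; last match wins.
mount_options() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o == "") exit 1; print o }'
}

# Succeeds when the comma-separated option list $1 contains "ro".
is_read_only() { case ",$1," in *,ro,*) return 0 ;; *) return 1 ;; esac; }

# Live check for directory $1 (default: current directory).
check_dir() {
    mp=$(df -P "${1:-.}" | mount_point_of) || return 2
    opts=$(mount_options "$mp" < /proc/mounts) || return 2
    if is_read_only "$opts"; then echo "$mp: read-only ($opts)"; return 1; fi
    echo "$mp: read-write ($opts)"
}
```

Calling `check_dir /root` after sourcing the file reports the mount point and its options for that directory; it returns 1 for a read-only mount and 2 if the mount point cannot be resolved.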
12-01-2006, 03:52 PM
|
#13
|
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Try reordering the arguments:
Code:
# tcpdump -i eth0 -w dump port 8080
I guess Fedora uses some crazy, custom build of tcpdump because on SuSE there is no -W option--it fails with a syntax error.
If all else fails, you can always do:
Code:
# tcpdump -i eth0 -l port 8080 | tee dump
Of course, you won't be able to read that later with tcpdump since it's the printed output rather than the binary packet data, but if you just want to view that data later by hand, it works fine.
|
|
|
|