Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
It works fine for me. Are you sure you're not on a read-only file system, like a LiveCD or something like that? The file system needs to be mounted rw in order to save a file to it.
I tried to copy-paste your command and get a syntax error (command modified to reflect that my active network device is eth1):
Code:
tcpdump -i eth1 -W port 8080 MyTraceFile
tcpdump: syntax error
...which was corrected by quoting the last three arguments (back to your network interface for this one, so you can copy-paste if you wish):
Code:
tcpdump -i eth0 -W "port 8080 MyTraceFile"
I'm not sure this will do what you want though. No dumping to file here.
Assuming that's not the issue you're having, there is still scope for permissions problems: If the filesystem to which you are trying to write is mounted read-only, not even root can write to it. You can find out by entering this command in the directory which you are trying to write to:
Code:
mount |fgrep $(df . |cut -d" " -f1 |tail -n 1)
Paste the output of that command here.
Last edited by matthewg42; 11-30-2006 at 06:59 PM.
Reason: because I messed up the post before :D
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Code:
# tcpdump -i eth0 -w mytracefile
Is what I did and it works fine.
The question about how the file system is mounted still hasn't been answered, though. What directory are you in when you execute the above command? What is the output of
I am not mounting any file system guys. I am just logging on as root and in the home directory I am just using the commands.
I can use the append command which works fine. If I want to save a whois for later research:
whois xxx.xxx.xxx.xxx > myfile
I see you used the command:
tcpdump -i eth0 -W port 8080 > myfile
I have tried the append sign, and when I do I do not get an error; however, no data is recorded.
When I try just
tcpdump -i eth0 -W port 8080 myfile
I get permission denied.
I am sure that it is some sort of mount issue but not sure what to mount....
I am sorry that I am a bit confused. What do I mount to? I am not using any mountable media like a disk or anything. The file I would like to trace to resides on the file system, like the root directory /home...
This begins to listen, and when something begins to show up in the terminal I control C and less the dump file; however, nothing is in it. So I guess for some reason the way I type it, which seems to be the best way, I get a permission denied. And the way I type it as above, it half works. hmmmmm.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Try reordering the arguments:
Code:
# tcpdump -i eth0 -w dump port 8080
I guess Fedora uses some crazy, custom build of tcpdump because on SuSE there is no -W option--it fails with a syntax error.
If all else fails, you can always do:
Code:
# tcpdump -i eth0 -l port 8080 | tee dump
Of course, you won't be able to read that later with tcpdump since it's the printed output rather than the binary packet data, but if you just want to view that data later by hand, it works fine.
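Added example, not part of any post in this thread: a quick way to tell whether a saved file is binary packet data that `tcpdump -r` can read back, printed text such as the `tee` output above, or an empty file like the one described earlier. The function names `capture_kind` and `make_samples` are hypothetical and the sample files are constructed; the magic numbers are the standard pcap and pcapng file signatures.

```shell
#!/bin/sh
# Added example: classify a saved capture by its first four bytes.

capture_kind() {
    # $1: path to a file produced by "tcpdump -w" or "tcpdump -l | tee"
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    # od -N 4 reads only the first four bytes; tr strips spacing and newline
    magic=$(od -An -tx1 -N 4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo "pcap" ;;          # usec timestamps, LE / BE
        4d3cb2a1|a1b23c4d) echo "pcap-nsec" ;;     # nsec timestamps, LE / BE
        0a0d0d0a)          echo "pcapng" ;;        # section header block
        "")                echo "empty" ;;         # nothing was written
        *)                 echo "text-or-other" ;; # e.g. printed packet lines
    esac
}

make_samples() {
    # $1: directory to fill with constructed sample files
    # 24-byte little-endian pcap global header (version 2.4, Ethernet)
    printf '\324\303\262\241\002\000\004\000' >  "$1/binary.pcap"
    printf '\000\000\000\000\000\000\000\000' >> "$1/binary.pcap"
    printf '\377\377\000\000\001\000\000\000' >> "$1/binary.pcap"
    # One constructed line in tcpdump's printed format
    printf '%s\n' '12:00:00.000000 IP 192.0.2.10.51234 > 192.0.2.20.8080: Flags [S], seq 1, length 0' \
        > "$1/printed.txt"
    # Zero-length file, as when a capture is stopped before anything is saved
    : > "$1/empty.dump"
}

# Stand-alone demonstration on the constructed samples
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in binary.pcap printed.txt empty.dump; do
    printf '%s: %s\n' "$f" "$(capture_kind "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Only files reported as `pcap`, `pcap-nsec` or `pcapng` are packet captures; whether a given tcpdump build reads each variant depends on its libpcap version.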