tcpdump permissions problem

permissions 14.04 tcpdump

Am having trouble running tcpdump. I must run tcpdump with non-root user. Searched the web for my problem and figured out I should:

sudo setcap cap_net_admin=eip /usr/sbin/tcpdump

That enabled me to run tcpdump with my user but then I got:

you don't have permission to capture on that device

on any device I tried capturing.

Also went a little brute-force and did:

sudo chmod +s /usr/sbin/tcpdump

That didn't do it either.


Solution 1:

It's a little late, but I just had the same problem. You need to give tcpdump the permission and capability to allow raw packet captures and network interface manipulation.

Add a capture group and add yourself to it:

sudo groupadd pcap
sudo usermod -a -G pcap $USER

Next, change the group of tcpdump and set permissions:

sudo chgrp pcap /usr/sbin/tcpdump
sudo chmod 750 /usr/sbin/tcpdump

Finally, use setcap to give tcpdump the necessary permissions:

sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

Be careful, that this will allow everybody from the group pcap to manipulate network interfaces and read raw packets!

Found it here: Configure tcpdump to work as non-root

Related

Can someone harm my computer just using grub?
Running a simulation on pure Ubuntu vs on Ubuntu in Windows (WSL)
rsync not working between NTFS/FAT and EXT
Update the system from terminal [duplicate]
Which IDE should I use for Vala?
How to get the GRUB using virtualbox?
Why does bash thinks that 010 is 8?
How to install traceroute in Linux?
Systemctl command to display a summary of running services
How does the Ubuntu Server installer get my ssh key from Github?
How to install Ubuntu on a laptop with soldered RAM module that has damaged cells
Function of /etc/cron.hourly