TCPdump write permission error when using -w option

I ran into this same issue as well on Ubuntu. Seems that tcpdump drops permissions after executing based upon the accepted answer for this question:

tcpdump failed withi permission denied on centos when using with rotated file option

I didn't start running into the permission issue myself until I started playing around with the -C options to limit file sizes. Even deleting the origin file I had in -w did not bring the permissions back nor did changing the -w to a different file within the same directory.

What did work was changing directories to a spot that was owned by root and had loose restrictions for the target directory and parent paths.

I'm not sure what tcpdump is doing under the hood to cause this problem, might dig into a little bit more some other time. I think it might be caching something and once you try the rotating file option, if your permissions aren't setup correctly it will break the non-rotating file options as well.

I have not been able to reproduce the symptoms you describe on Ubuntu 14.04. But I have seen those symptoms on earlier Ubuntu versions.

What I found to be the reason was that SELinux was configured to restrict where tcpdump was allowed to write.

The workaround I found at the time was to copy /usr/sbin/tcpdump to /root/bin/tcpdump and use that copy instead.