How to fix tcpdump in Ubuntu 9.04 Server

UbuntuLogo This simple how to will save you some frustration and fix the "permission denied" error when trying to use tcpdump. At first I thought it was a libpcap issue but come to find out it was a security measure that was in Ubuntu.

The Problem:

Permission Denied when running the following example.

tcpdump -v -s 1500 -w out.pcap host 10.0.0.1 and tcp port 22
tcpdump: out.pcap Permission Denied

The Solution:

You need to change the AppArmor setting for tcpdump.

aa-complain /usr/sbin/tcpdump - This will change it to complain
aa-enforce /usr/sbin/tcpdump - This will renable the AppArmor profile for tcpdump

Now you are able to run tcpdump without the permission denied error.

About AppArmor:

AppArmor is a Linux Security Module implementation of name-based access controls. AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities. AppArmor was first made available to Ubuntu in Ubuntu 7.04 in Universe.

You can read more about AppArmor in Ubuntu at https://help.ubuntu.com/community/AppArmor

Next >

The Computer Group

How to fix tcpdump in Ubuntu 9.04 Server

Quick Links

Featured Articles

Latest Articles