How to fix tcpdump in Ubuntu 9.04 Server
This simple how to will save you some frustration and fix the "permission denied" error when trying to use tcpdump. At first I thought it was a libpcap issue but come to find out it was a security measure that was in Ubuntu. The Problem: Permission Denied when running the following example.
1.tcpdump -v -s 1500 -w out.pcap host 10.0.0.1 and tcp port 22
2.tcpdump: out.pcap Permission Denied
The Solution: You need to change the AppArmor setting for tcpdump.
1.aa-complain /usr/sbin/tcpdump - This will change it to complain
2.aa-enforce /usr/sbin/tcpdump - This will renable the AppArmor profile for tcpdump
Now you are able to run tcpdump without the permission denied error. About AppArmor: AppArmor is a Linux Security Module implementation of name-based access controls. AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities. AppArmor was first made available to Ubuntu in Ubuntu 7.04 in Universe. You can read more about AppArmor in Ubuntu at https://help.ubuntu.com/community/AppArmor
About the Author
The Computer Group
2171 E. Morgan Ave
Evansville, IN 47711
Phone: (812) 402-7720
Fax: (812) 250-4857