tcpdump udp portrange 1000-5000 -w capture.pcap
The resulting capture.pcap can be opened in Wireshark for inspection.
If you want to capture packets on a remote server as a non-root user, carry out the following as root:
Add a capture group and add yourself to it:
groupadd pcap
usermod -a -G pcap nonrootuser
Next, change the group of tcpdump and set permissions:
chgrp pcap /usr/sbin/tcpdump
chmod 750 /usr/sbin/tcpdump
Finally, use setcap to give tcpdump the necessary permissions:
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
Credit goes to askubuntu.com: http://askubuntu.com/questions/530920/tcpdump-permissions-problem
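To confirm the steps above took effect, the following check compares the binary's group, mode and file capabilities against what the steps set. It is an added example, not from the original post or the askubuntu answer; the function name audit_tcpdump is hypothetical and the sample getcap lines are constructed, covering both output styles getcap produces (older "path = caps+eip", newer "path caps=eip").

```shell
#!/bin/sh
# audit_tcpdump GROUP MODE GETCAP_LINE   (hypothetical helper name)
# Live use, as root or as a member of pcap:
#   audit_tcpdump $(stat -c '%G %a' /usr/sbin/tcpdump) "$(getcap /usr/sbin/tcpdump)"
audit_tcpdump() {
    group=$1; mode=$2; line=$3; rc=0
    [ "$group" = "pcap" ] || { echo "FAIL: group is '$group', expected pcap"; rc=1; }
    # 750 = owner rwx, group r-x, nothing for "other"
    [ "$mode" = "750" ] || { echo "FAIL: mode is '$mode', expected 750"; rc=1; }

    caps=${line#* }        # drop the path
    caps=${caps#= }        # older libcap prints "path = caps+eip"
    names=${caps%[+=]*}    # capability list before the flag separator
    flags=${caps##*[+=]}   # flag letters after it

    have_raw=0; have_admin=0; extra=""
    old_ifs=$IFS; IFS=,
    for c in $names; do
        case $c in
            cap_net_raw)   have_raw=1 ;;
            cap_net_admin) have_admin=1 ;;
            *)             extra="$extra $c" ;;
        esac
    done
    IFS=$old_ifs
    [ "$have_raw" = 1 ] && [ "$have_admin" = 1 ] ||
        { echo "FAIL: cap_net_raw and cap_net_admin must both be set"; rc=1; }
    # Anything beyond the two capabilities from the setcap step is flagged.
    [ -z "$extra" ] || { echo "FAIL: unexpected capabilities:$extra"; rc=1; }
    [ "$flags" = "eip" ] || { echo "FAIL: flags are '$flags', expected eip"; rc=1; }
    [ "$rc" = 0 ] && echo "OK: tcpdump matches the setup above"
    return $rc
}

# Constructed sample inputs (not captured from a real host):
audit_tcpdump pcap 750 "/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip"
audit_tcpdump pcap 750 "/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip"
audit_tcpdump root 755 "" || true   # untouched binary: every check fails
```

File capabilities are stored on the binary itself, so a package upgrade that replaces /usr/sbin/tcpdump drops them along with the group and mode; re-run the steps and this check afterwards. Every member of pcap can capture all traffic the host sees, so keep the group small.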