Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 04 Jun 2016 18:43:44 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 210031] tcpdump -G flag unable to roll over pcap files
Message-ID:  <bug-210031-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210031

            Bug ID: 210031
           Summary: tcpdump -G flag unable to roll over pcap files
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: mshirk@daemon-security.com

Tested on the FreeBSD 11 Current:

FreeBSD  11.0-ALPHA2 FreeBSD 11.0-ALPHA2 #0 r301230: Fri Jun  3 03:01:37 UTC
2016     root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

Ideally, tcpdump can be used to log network traffic to disk and roll the pc=
ap
files based on a time setting, such as 60 seconds with -G 60.

On 11-Current, it appears that there is an issue with capabilities in using
this feature. After 60 seconds with -G 60, tcpdump will write the file, but=
 it
will be unable to open up and write to a new file.

Here is the output from the cli (11-ALPHA Live CD under bhyve )

root@:~ # tcpdump -i vtnet0 -nns 0 -G 3 -w /tmp/test.pcap
tcpdump: listening on vtnet0, link-type EN10MB (Ethernet), capture size 262=
144
bytes
tcpdump: /tmp/test.pcap: Not permitted in capability mode
root@:~ # ls -ltra /tmp
total 36
drwxr-xr-x  17 root  wheel     4096 Jun  3 03:16 ..
drwxrwxr-x   2 root  operator   512 Jun  4 14:35 .snap
drwxrwxrwt   2 root  wheel      512 Jun  4 14:35 .X11-unix
drwxrwxrwt   2 root  wheel      512 Jun  4 14:35 .XIM-unix
drwxrwxrwt   2 root  wheel      512 Jun  4 14:35 .ICE-unix
drwxrwxrwt   2 root  wheel      512 Jun  4 14:35 .font-unix
drwxrwxrwt   8 root  wheel      512 Jun  4 14:38 .
drwxr-xr-x   2 root  wheel      512 Jun  4 14:38 bsdinstall_etc
-rw-r--r--   1 root  wheel       24 Jun  4 14:41 test.pcap
root@:~ #

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-210031-8>