I had an interesting issue tonight... I needed to perform a packet capture of a Linksys PAP. I used the second NIC in my CentOS 5.5 test server but I needed to setup tcpdump so it would continually write the packet capture to disk for 24 - 48 hours. I tried the following command line arguements;
tcpdump -s0 -i eth1 host 192.168.1.7 -w linksys.pcap -C 10
And I received the following error message;
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: linksys.pcap: Permission denied
The first error message can be safely ignored. I run eth1 as a stealth NIC with no IP interface attached to it so my packet captures will be clean. The second error message left me scratching my head, "Permission denied" really?
It took me a second or two to realize that tcpdump was (by default) changing user contexts from root to the user pcap. The user pcap didn't have rights to the filesystem I was in. I made a new directory with the appropriate rights and I was off and running.
What was supposed to take 60 seconds took 10 minutes...
Cheers!
