tcpdump -z


This is a forwarded message from the tcpdump-workers mailing list:

=== 8< ================ >8 ===
From: ef <>
Subject: tcpdump -z: command execution
Date: Fri, 27 Aug 2010 09:33:48 +0200
To: tcpdump-workers@xxxxxxxxxxxxxxxxx


Thx for tcpdump, very valuable tool!

Was looking at the new version of tcpdump a few days ago and saw this:
Used in conjunction with the -C or -G options, this will make tcpdump run
"command file" where file is the savefile being closed after each rotation.
For example, specifying -z gzip or -z bzip2 will compress each savefile
using gzip or bzip2.
Note that tcpdump will run the command in parallel to the capture, using the
lowest priority so that this doesn't disturb the capture process.
And in case you would like to use a command that itself takes flags or
different arguments, you can always write a shell script that will take the
savefile name as the only argument, make the flags & arguments arrangements
and execute the command that you want.

I think there are many environments that restrict users but give access to
tcpdump via sudo. With this option tcpdump can execute any command:

$ ./tcpdump -V
tcpdump version 4.1.1

$ sudo ./tcpdump -i any -G 1 -z ./ -w dump port 55555
[sudo] password for user:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
(generate some traffic on port 55555)
root@blaa ~/temp/tcpdump-4.1.1$ id
uid=0(root) gid=0(root) groups=0(root)

$ cat

Is this known and accepted? Could this option maybe be implemented

=== 8< ================ >8 ===

WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@xxxxxxx
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][][LJ:/nuclight]
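The kind of restriction the message asks about, as an added example that is not part of the original post or of tcpdump: a POSIX sh wrapper (assumed name tcpdump-nz, real binary assumed at /usr/sbin/tcpdump) that is named in the sudoers rule in place of tcpdump itself, refuses any invocation that could enable -z, and passes every other argument list through unchanged.

```shell
#!/bin/sh
# Added example for this page, not part of tcpdump: a sudo wrapper that refuses
# the -z post-rotate option, so "sudo tcpdump" cannot be used to run an
# arbitrary command as root. Install under an assumed path such as
# /usr/local/sbin/tcpdump-nz and grant sudo on the wrapper, not on tcpdump.
TCPDUMP_BIN=${TCPDUMP_BIN:-/usr/sbin/tcpdump}   # assumed path of the real binary

# has_post_rotate_opt ARG...: status 0 if any argument could switch on -z,
# 1 otherwise. Deliberately conservative: every single-dash option cluster
# containing a 'z' counts as -z ("-z cmd", "-zcmd", "-nz cmd", even an
# interface argument spelled "-z"), scanning stops at "--" because getopt
# treats the rest as the filter expression, and double-dash long options
# such as --no-optimize are never mistaken for the short -z.
has_post_rotate_opt() {
    for arg in "$@"; do
        case "$arg" in
            --)   return 1 ;;   # end of options: the remaining words are the filter
            --*)  ;;            # long option, not the short -z
            -*z*) return 0 ;;   # short option cluster that includes z
        esac
    done
    return 1
}

# run_tcpdump ARG...: wrapper entry point. Logs and refuses on -z, otherwise
# hands the unchanged argument list to the real tcpdump.
run_tcpdump() {
    if has_post_rotate_opt "$@"; then
        logger -t tcpdump-nz "refused -z from uid $(id -u): $*" 2>/dev/null || :
        echo "tcpdump-nz: the -z option is not permitted" >&2
        return 1
    fi
    exec "$TCPDUMP_BIN" "$@"
}

# Dispatch only when executed as the installed wrapper, not when sourced.
[ "${0##*/}" = "tcpdump-nz" ] && run_tcpdump "$@"
```

The wrapper closes only the -z path shown in the message; every other option, including the -w output destination, still reaches tcpdump exactly as the caller typed it.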

freebsd-security@xxxxxxxxxxx mailing list
