tcpdump: eth0: You don't have permission to capture on that device (running as sudo)

[jborch]

How come I get the following error, when running the command as sudo

$ sudo tcpdump -qnntttt dst port 80 or 443

tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)

I can't find anyone reporting the same issue.

The command is run in a docker container, maybe that's the issue.

[guyharris]

The command is run in a docker container, maybe that's the issue.

That's one possibility. A "Docker networking considered harmful" page says

There are a few ways to mitigate such an attack. One might run the container without NET_RAW capability so that programmes inside cannot create PF_PACKET sockets that are needed to perform an ARP spoofing attack. As quite a few useful network diagnosis utilities such as ping, traceroute or tcpdump require the NET_RAW capability to work, this approach has some drawbacks.

so if the container is running without NET_RAW capability, you won't be able to run a packet sniffer such as tcpdump in it.

[jborch]

Thanks!

That's probably whats happening.