the-tcpdump-group / tcpdump

the TCPdump network dissector
https://www.tcpdump.org/

tcpdump: eth0: You don't have permission to capture on that device (running as sudo) #674

Closed jborch closed 6 years ago

jborch commented 6 years ago

How come I get the following error when running the command as sudo?

$ sudo tcpdump -qnntttt dst port 80 or 443

tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)

I can't find anyone reporting the same issue.

The command is run in a docker container, maybe that's the issue.

guyharris commented 6 years ago

> The command is run in a docker container, maybe that's the issue.

That's one possibility. A "Docker networking considered harmful" page says

> There are a few ways to mitigate such an attack. One might run the container without NET_RAW capability so that programmes inside cannot create PF_PACKET sockets that are needed to perform an ARP spoofing attack. As quite a few useful network diagnosis utilities such as ping, traceroute or tcpdump require the NET_RAW capability to work, this approach has some drawbacks.

so if the container is running without NET_RAW capability, you won't be able to run a packet sniffer such as tcpdump in it.
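One way to confirm this diagnosis from inside the container, as an added example that is not part of the issue thread or of tcpdump's code: it decodes the capability masks in `/proc/self/status` and checks bit 13 (`CAP_NET_RAW` in `linux/capability.h`), which shows why being uid 0 under sudo does not help. The function names and the two sample masks are constructed for illustration.

```python
import socket

CAP_NET_RAW = 13  # bit index of CAP_NET_RAW in linux/capability.h

# Constructed samples of /proc/<pid>/status lines (not taken from the issue).
ROOT_WITHOUT_NET_RAW = "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80405fb\nCapBnd:\t00000000a80405fb\n"
USER_WITH_NET_RAW_IN_BND = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\nCapBnd:\t00000000a80425fb\n"


def parse_status(text):
    """Return (effective uid, {capability set name: bitmask}) from status text."""
    euid, caps = None, {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            euid = int(value.split()[1])  # fields: real, effective, saved, fs
        elif key.startswith("Cap"):
            caps[key] = int(value, 16)
    return euid, caps


def diagnose(text):
    """Classify why a PF_PACKET socket would or would not be permitted."""
    euid, caps = parse_status(text)
    bit = 1 << CAP_NET_RAW
    if caps.get("CapEff", 0) & bit:
        return euid, "ok"
    if caps.get("CapBnd", 0) & bit:
        # Still in the bounding set: sudo or a file capability can grant it.
        return euid, "not-effective"
    # Gone from the bounding set: no process in here can regain it, uid 0 included.
    return euid, "dropped"


def can_open_packet_socket():
    """Open a PF_PACKET socket: True, False on EPERM, None if it cannot be tested."""
    if not hasattr(socket, "AF_PACKET"):
        return None
    try:
        socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)).close()
        return True
    except PermissionError:
        return False
    except OSError:
        return None


if __name__ == "__main__":
    with open("/proc/self/status") as f:
        print(diagnose(f.read()), can_open_packet_socket())
```

A `dropped` verdict means the capability has to be granted when the container is started (for Docker, `--cap-add NET_RAW`), because nothing run inside the container can add it back.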

jborch commented 6 years ago

Thanks!

That's probably what's happening.