Permissions Issue with tcpdump in Ubuntu 20.04 - tcpdump

I am creating a tcpdump file using "tcpdump tcp -w tcp1" but I can't use the -r function to read the file as it says "permission denied". I used chmod to try and change permissions, even changed group permissions, and still no effect. Help! Thank you
Ubuntu 20.04
root@ubuntu:~# tcpdump tcp -w tcp1
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
985 packets captured
985 packets received by filter
0 packets dropped by kernel
root@ubuntu:~# tcpdump -r tcp1
tcpdump: tcp1: Permission denied
root@ubuntu:~#

It's to do with AppArmor - you'll need to disable it first.
There are instructions here: https://www.xmodulo.com/disable-particular-apparmor-profile-ubuntu.html
I had to restart my box; just restarting the service didn't seem to do it.

Related

How to prevent snmpd from listening on port 161?

I am trying to force snmpd to listen on port 1610 (instead of the default port 161).
When I turn on debugging, it looks like snmpd insists on listening on port 161, in addition to any other agent address I specify.
I am running net-snmp 5.7.2 on Ubuntu.
Here is my snmpd.conf:
agentaddress dtlsudp:localhost:1610
agentuser root
agentgroup root
Here's how I launch snmpd:
snmpd -f -r -DALL -c snmpd.conf
I can see that snmpd parses the config file and recognizes the desired port 1610, but it tries to listen on port 161 as well!
read_config:parser: Found a parser. Calling it: agentaddress / dtlsudp:localhost:1610
snmpd_ports: port spec: udp:127.0.0.1:161,udp:localhost:1610,dtlsudp:localhost:1610,udp:localhost:1610,dtlsudp:localhost:1610
netsnmp_ds_set_string: Setting APP:2 = "udp:127.0.0.1:161,udp:localhost:1610,dtlsudp:localhost:1610,udp:localhost:1610,dtlsudp:localhost:1610"
snmp_agent: final port spec: "udp:127.0.0.1:161,udp:localhost:1610,dtlsudp:localhost:1610,udp:localhost:1610,dtlsudp:localhost:1610"
How can I prevent snmpd from listening on port 161?
Any help appreciated.
I discovered that snmpd always reads /etc/snmp/snmpd.conf unless you explicitly disable that using the -C option.
The following command worked. It only read my local config file.
snmpd -f -DALL -C -c snmpd.conf
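As an added example (not from the question or the answer above), here is a small audit of the "final port spec" line that snmpd prints under -DALL. It flags every endpoint that is on a port other than the one you intended, or that is bound to something other than loopback, which is the quickest way to confirm that the -C fix actually removed the stray udp:127.0.0.1:161 listener. The first input is the spec from the debug output above; the second is a constructed spec with a host-less entry to show the wildcard-bind case.

```shell
#!/bin/sh
# Added example: audit snmpd's effective listen list against what you wanted.
# snmpd prints the merged list as "snmp_agent: final port spec: ..." with -DALL.
# Entries come from every config it reads; /etc/snmp/snmpd.conf is always read
# unless snmpd is started with -C, and with no agentaddress at all the default
# is udp:161 on every interface.
#
# Usage: snmpd_audit_ports "<comma-separated port spec>" <wanted_port>
# Prints one line per offending entry:  WRONG_PORT <entry>  or  NOT_LOOPBACK <entry>
snmpd_audit_ports() {
    spec=$1
    want=$2
    printf '%s\n' "$spec" | tr ',' '\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        port=${entry##*:}             # last colon-separated field is the port
        rest=${entry%:*}              # "transport" or "transport:host"
        case $rest in
            *:*) host=${rest#*:} ;;
            *)   host="*" ;;          # no host given: snmpd binds every interface
        esac
        if [ "$port" != "$want" ]; then
            printf 'WRONG_PORT %s\n' "$entry"
        else
            case $host in
                localhost|127.0.0.1|'[::1]') ;;   # loopback only, as intended
                *) printf 'NOT_LOOPBACK %s\n' "$entry" ;;
            esac
        fi
    done
}

# The spec from the debug output in the question above: the first entry is the
# one that /etc/snmp/snmpd.conf kept adding.
SPEC='udp:127.0.0.1:161,udp:localhost:1610,dtlsudp:localhost:1610,udp:localhost:1610,dtlsudp:localhost:1610'
snmpd_audit_ports "$SPEC" 1610

# Constructed spec: right port, but the host-less entry listens on all interfaces.
snmpd_audit_ports 'udp:1610,dtlsudp:localhost:1610' 1610
```

After restarting snmpd with -C, paste the new "final port spec" into the function; an empty report means only the intended loopback endpoint on 1610 is left, and `ss -lunp | grep snmpd` on the host should agree.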

Kill parent of mysqld process on MacOS

I have a Docker machine, and I want it to be able to use port 3306. But that port is already in use.
I don't remember installing MySQL on the host machine, but I've done a lot of dumb things over the years, so there's a good chance I did. I run brew services list to see if it's a brew service that is blocking the port. Nope. Nothing is listed.
So I run sudo lsof -i tcp:3306 and get the following:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 71046 _mysql 28u IPv6 0xbdab224a8a9b989f 0t0 TCP *:mysql (LISTEN)
OK. Simple to kill, right? I run sudo kill -QUIT 71046 and run sudo lsof -i tcp:3306 again. Now there's a different process listening on the same port:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 71207 _mysql 28u IPv6 0xbdab224a8a9ba41f 0t0 TCP *:mysql (LISTEN)
This process goes on as many times as I care to repeat it. Trying to run mysql or mysqld runs into a command not found error.
So my question: What command do I have to run to permanently stop mysqld from respawning ad infinitum?
(Bonus points if you can help me get rid of the setting that starts it automatically when my machine starts.)
I gave a comment above that led you to the answer, but here's a more full explanation for the benefit of future readers:
I infer you are on MacOS because you mention brew. MacOS is weird because there are multiple ways to run MySQL Server. Brew is one of them, but the official download from MySQL.com uses a native package installer, and creates a launch daemon and a System Preferences pane to manage the launch daemon.
https://dev.mysql.com/doc/refman/5.7/en/osx-installation-prefpane.html
You can use the preferences pane to start and stop the launch daemon, or enable/disable its automatic startup.
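As an added example (not code from the answer above), this is how to find the launchd job that keeps bringing mysqld back: launchd restarts any job whose plist sets KeepAlive, so killing the child only changes the PID. The function scans a LaunchDaemons-style directory for plists whose ProgramArguments mention the binary and prints the job Label, its KeepAlive setting and the plist path. The two plists are constructed samples created in a temp directory (the label used by the MySQL installer's own plist is not on the page, so a made-up one is used), and the plist parsing is a deliberately simple awk pass over the XML rather than plutil.

```shell
#!/bin/sh
# Added example: locate the launchd job behind a respawning process.
#
# Usage: find_launchd_jobs <plist_dir> <program_substring>
# Prints: <Label> keepalive=yes|no <plist path>   for each matching job
find_launchd_jobs() {
    dir=$1
    prog=$2
    for plist in "$dir"/*.plist; do
        [ -f "$plist" ] || continue
        grep -q -- "$prog" "$plist" || continue
        # Label: the <string> on the line after <key>Label</key>
        label=$(awk '/<key>Label<\/key>/ { getline; sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }' "$plist")
        # KeepAlive may be <true/> or a <dict> of conditions; both restart the job
        keep=$(awk '/<key>KeepAlive<\/key>/ { getline; if ($0 ~ /<true\/>|<dict>/) print "yes"; else print "no"; exit }' "$plist")
        printf '%s keepalive=%s %s\n' "$label" "${keep:-no}" "$plist"
    done
}

# Constructed sample plists: one job that keeps a mysqld alive, one unrelated job.
make_sample_plists() {
    dir=$1
    cat > "$dir/com.example.mysqld.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.mysqld</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/mysql/bin/mysqld</string>
        <string>--user=_mysql</string>
    </array>
    <key>KeepAlive</key>
    <true/>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
    cat > "$dir/com.example.backup.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.backup</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/backup.sh</string>
    </array>
    <key>StartInterval</key>
    <integer>3600</integer>
</dict>
</plist>
EOF
}

# Stand-alone demo against a temp directory with the constructed plists.
tmp=$(mktemp -d)
make_sample_plists "$tmp"
find_launchd_jobs "$tmp" mysqld
rm -rf "$tmp"
```

On a real Mac, run `find_launchd_jobs /Library/LaunchDaemons mysqld` (and the same against /Library/LaunchAgents if nothing turns up), then stop the job and keep it from starting at boot with `sudo launchctl bootout system /Library/LaunchDaemons/<file>.plist` (`launchctl unload -w` on older macOS). Only then does killing the mysqld child stay effective.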

Why tcpdump get nothing when music is playing on my local apache?

No wired connection to the net for my local PC.
Apache2 was installed and a music file was put at /var/www/html/test.ogg.
It can be played in Chrome at 127.0.0.1/test.ogg.
tcpdump was running while playing the music (test.ogg) in Chrome.
sudo tcpdump tcp port 80 -i lo -vv
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
Why does the command get nothing except "tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes"?
You should check the following:
Is chrome cache cleared?
What is the response code in chrome - it should be 200 OK.
Chrome is making a connection on 127.0.0.1:some_ephemeral_port -- to apache:127.0.0.1:80 - make sure it is 80, not 443!
Start the capture before opening the file (when did you start the capture)?
In case nothing helps, try sudo tcpdump -i any -vv port 80 (if you are sure of the port).
Try capturing other requests - like the apache home page and see if that works.

tcpdump doesn't captures properly on specific port

I'm on a network and I want to capture FTP packets from another server on the network, but I have a problem with tcpdump.
I've used this command:
tcpdump -i eth0 dst X.X.X.X -A and port 21
But it doesn't show anything! (I tested and am sure that the FTP port is 21.)
But if I use this on my server it works properly.
tcpdump -i eth0 -A and port 21
I have this problem when I enter "port" in the command, but if I enter a command without a specific port it works and captures properly.
What is the problem?
Thanks.
I don't have enough reputation to ask a question, so this is part question and part insight.
Is the IP you're filtering on the client or the server for the FTP connection?
For the first command, try using src x.x.x.x or just host x.x.x.x and port 21.
For the second command, the "and" is not necessary with the -A flag. This should look more like this:
tcpdump -A -i eth0 port 21
tcpdump -Ai eth0 port 21
Another thing I've seen is if there are vlan tags, normal filtering won't work without adding "vlan and " to your filter. For example:
tcpdump -A -i eth0 "vlan and host x.x.x.x and port 21"
Also keep in mind that FTP uses a control and data connection. The control is over port 21, but the data can vary depending on whether you're using active or passive FTP.

"tcpdump -w 1.pcap" works, but "tcpdump -C 100 -w 1.pcap" - permission denied

I need to limit file size when I run "tcpdump -w 1.pcap". I try to do this with the -C option, but when I add it I get the error "permission denied". So:
> sudo tcpdump -w 1.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
821 packets captured
847 packets received by filter
24 packets dropped by kernel
But:
> sudo tcpdump -C 100 -w 1.pcap
tcpdump: 1.pcap: Permission denied
I run the command from my home directory and I tried to remove and create the file before running the command with different permissions, finally I have:
-rwxrwxrwx 1 root root 0 Aug 5 10:30 1.pcap
or
-rwxrwxrwx 1 fd8 users 0 Aug 5 10:30 1.pcap
Could you suggest why in the second case I can't write to the file?
You need to do -Z root. Read the man page:
-Z Drops privileges (if root) and changes user ID to user and the group ID to the primary group of user.
This behavior is enabled by default (-Z tcpdump), and can be disabled by -Z root.
I experienced similar issues on Ubuntu 12.04 LTS, and my case was fixed by the procedure below.
sudo apt-get install apparmor-utils
The aa-complain command referred to by user2704275 is included in this package.
If your environment is a RedHat/CentOS distro, you can run the same command with yum.
sudo aa-complain /usr/sbin/tcpdump
This will change the AppArmor mode of tcpdump from "enforce" to "complain".
You can check the AppArmor status in /sys/kernel/security/apparmor/profiles.
Then I can successfully run tcpdump with sudo.
After capturing, for security reasons, you might revert the AppArmor status to the previous mode with the command below.
sudo aa-enforce /usr/sbin/tcpdump
Regards.
I experienced similar problems when I tried to read from a file, like
tcpdump -r example.cap 'icmp[icmptype] = icmp-echo'
For me AppArmor caused the problem; I had to switch 'tcpdump' from 'enforcement' mode to 'complain' mode. Run the following command as root:
aa-complain /usr/sbin/tcpdump
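Both this question and the first one on the page (tcpdump -r on Ubuntu 20.04) end with AppArmor being put into complain mode or switched off. As an added example, not code from any of the answers, here is the step to take before relaxing the profile: read the denial. AppArmor logs each refused access to the kernel log (dmesg, /var/log/kern.log or journalctl -k) as a type=1400 line with apparmor="DENIED", and the fsuid/ouid fields tell you which of the two causes on this page you are looking at. When fsuid is not root and differs from the file owner, tcpdump has already dropped privileges to the tcpdump user (the default -Z behaviour; with -C this happens before the first savefile is opened), so -Z root or a capture directory owned by that user is the fix; when fsuid is root, the path itself is outside what the profile allows. The log lines are constructed samples in the real format (uid 108 for the tcpdump user is an assumption), and the hint text is this example's own classification, not AppArmor output.

```shell
#!/bin/sh
# Added example: parse AppArmor DENIED lines and say why tcpdump was refused.

# Constructed sample kernel-log lines (not copied from the page); the first is
# a profile load, not a denial, and must be ignored.
sample_denials() {
    cat <<'EOF'
[ 1200.000000] audit: type=1400 audit(1596623000.000:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/tcpdump" pid=2000 comm="apparmor_parser"
[ 1234.567890] audit: type=1400 audit(1596623400.123:45): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/home/fd8/1.pcap" pid=2345 comm="tcpdump" requested_mask="wc" denied_mask="wc" fsuid=108 ouid=1000
[ 1240.000000] audit: type=1400 audit(1596623406.000:46): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/root/tcp1" pid=2350 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# Usage: aa_denials [logfile]     (reads stdin when no file is given)
# Prints, per denial: <profile> <operation> <path> mask=<m> fsuid=<u> ouid=<o> hint=<why>
aa_denials() {
    awk '
    /apparmor="DENIED"/ {
        n = split($0, f, " ")
        prof = op = name = mask = fsuid = ouid = ""
        for (i = 1; i <= n; i++) {
            eq = index(f[i], "=")            # fields are key=value or key="value"
            if (eq == 0) continue
            k = substr(f[i], 1, eq - 1)
            v = substr(f[i], eq + 1)
            gsub(/"/, "", v)
            if (k == "profile") prof = v
            else if (k == "operation") op = v
            else if (k == "name") name = v
            else if (k == "requested_mask") mask = v
            else if (k == "fsuid") fsuid = v
            else if (k == "ouid") ouid = v
        }
        # fsuid is the uid tcpdump is running as at the time of the access;
        # ouid is the owner of the file it tried to open.
        if (fsuid != "0" && fsuid != ouid)
            hint = "privilege-dropped uid " fsuid " cannot touch file owned by uid " ouid ": use -Z root or chown the capture dir"
        else
            hint = "path not allowed by profile " prof ": move the file or edit the profile"
        printf "%s %s %s mask=%s fsuid=%s ouid=%s hint=%s\n", prof, op, name, mask, fsuid, ouid, hint
    }' "${1:--}"
}

# Stand-alone run over the constructed sample.
sample_denials | aa_denials
```

On a live system, `sudo dmesg | aa_denials` (or `journalctl -k -o cat | aa_denials`) shows the same two shapes: the -C case produces a write denial with a non-root fsuid on a file owned by your login user, while a plain -r or -w denial as root points at a path the profile does not cover. Either way the profile stays in enforce mode and only the capture location or -Z changes.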