5

I want to capture UDP packages sent by an FPGA with ~10 Gbit/s bandwidth. I found that tcpdump combined with a fast SSD is perfectly capable of receiving a continuous 10 Gbit/s stream and storing it on disk without loss.

When I run sudo tcpdump, everything works as expected.

However, I need to be able to run tcpdump without sudo. Without sudo I get this error:

tcpdump: enp4s0f0: You don't have permission to capture on that device
(socket: Operation not permitted)

Here is what I found and tried so far to enable tcpdump without sudo:

sudo su
groupadd pcap
usermod -a -G pcap $USER
chgrp pcap /usr/sbin/tcpdump
chmod 750 /usr/sbin/tcpdump
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

Proposed solution from here

According to the various pages that list this solution, this should give my regular user account the possibility to run tcpdump, right?

However, when I switch to my regular user account and run tcpdump, I get this:

bash: /sbin/tcpdump: Permission denied

(Note that this error message is different from the initial error message.)

I've verified via getent group pcap that my account is part of the pcap group. I've also verified that /sbin/tcpdump is owned by the group pcap. What am I missing?

Christian Disch

3 Answers

3

After some experimenting, here is what finally worked for me:

sudo visudo

At the very END* of the sudoers file, enter this:

your_username ALL = NOPASSWD: /usr/sbin/tcpdump

(Replace your_username with your username, write the changes to disk, and close the editor.)

Open a new terminal and run sudo tcpdump. It no longer asks for a password.

*Putting the new rule at the end avoids it being overwritten by other rules.

Christian Disch
0

I do not have enough reputation to leave a comment, but it seems that you have a mistake in the binary paths.

In the commands chgrp and chmod you use the path /usr/sbin/tcpdump (notice the /usr at the beginning). But in the error you seem to try to run the executable /sbin/tcpdump (without the /usr at the beginning).

Try running the command which tcpdump to find the path to the binary you are calling when running the tcpdump command, and then use this path in the chgrp and chmod commands.

I just used the commands from your post with the correct path (i.e. the one given by which tcpdump) and it worked for me on my Ubuntu 22.04 installation.

By the way, this is the proper way to run tcpdump. You should run it as a user. Running it as root or with sudo is dangerous.

Foivos
0

I just ran into the same problem; the issue is here:

sudo su

usermod -a -G pcap $USER

In the "sudo su" context, USER = root, so you've added the root user to the pcap group, not your actual username. Just replace $USER with your actual username, don't forget to log out and back in, and you should see your user added to the group pcap:

$ groups
myuser wheel pcap
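
The two checks suggested in the answers above (which binary is actually started, and whether the pcap group membership reached the current login session) can be scripted. This is an added example, not code from any of the posters; it assumes GNU `stat`, and the function name `check_exec` and its result strings are made up for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): explain why USER can or cannot
# execute BIN, applying the kernel's owner -> group -> other order.
# Usage: check_exec BIN USER "SESSION GROUPS" "DATABASE GROUPS"
# Assumes GNU stat (-c format option).
has_word() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

check_exec() {
    bin=$1 user=$2 session=$3 db=$4
    [ -e "$bin" ] || { echo "missing"; return; }
    owner=$(stat -c %U "$bin")
    group=$(stat -c %G "$bin")
    perm=$((0$(stat -c %a "$bin")))      # leading 0: parse the mode as octal
    if [ "$user" = "$owner" ]; then
        [ $((perm & 0100)) -ne 0 ] && echo "ok-owner" || echo "denied-owner"
    elif has_word "$group" "$session"; then
        [ $((perm & 0010)) -ne 0 ] && echo "ok-group" || echo "denied-group"
    elif [ $((perm & 0001)) -ne 0 ]; then
        echo "ok-other"
    elif has_word "$group" "$db"; then
        echo "relogin-needed"   # listed in the group database, session is older
    else
        echo "not-in-group"     # e.g. usermod ran while $USER expanded to root
    fi
}

# Report on the tcpdump this shell would start, with symlinks resolved so
# that /sbin/tcpdump and /usr/sbin/tcpdump are recognised as the same file.
if bin=$(command -v tcpdump 2>/dev/null); then
    bin=$(readlink -f "$bin")
    me=$(id -un)
    # "id -Gn" = groups of this session; "id -Gn NAME" = groups in the database
    echo "$bin: $(check_exec "$bin" "$me" "$(id -Gn)" "$(id -Gn "$me")")"
    # File capabilities granted by setcap, if the getcap tool is installed
    if command -v getcap >/dev/null 2>&1; then getcap "$bin"; fi
fi
```

A result of `relogin-needed` matches the case where `getent group pcap` already lists the account but `groups` in the current shell does not.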