On 03/05/11 12:10, erikmccaskey64 wrote:
> Is it safe to always run tcpdump on the server, e.g.: like this:
> 
> 
> tcpdump -qn dst net 192.168.1.0/24
> 
> 
> I need it to "audit the network" .. :\
> 
> 
Hi,

Safe? No, because according to the above you're displaying to the screen. Running
tcpdump requires you to have logged on as root, and leaving something running logged
on as root is not the safe way. At least use sudo, or use tcpdump to capture to
a file using the -w parameter in the background, something like
$ sudo tcpdump -qn -w /pathto/xxx.pcap dst net 192.168.1.0/24 &

Also ensure that there is enough space for xxx.pcap on the filesystem.

tcpdump on OpenBSD uses privilege separation, and switches to _tcpdump user,
chroot'd to /var/empty directory.


Regards

Nigel Taylor
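
The advice above (capture to a file with -w in the background, and make sure the filesystem has room for it) can be sketched as a small POSIX sh wrapper. This is an added example, not part of Nigel Taylor's message. The names free_kb, space_ok, guarded_capture and POLL_SECONDS are hypothetical, the umask 077 step is an added assumption, and the script assumes it is started with whatever privilege is needed to open the capture device (for example under sudo).

```shell
#!/bin/sh
# Added example: start a background capture only if there is room for it,
# and stop it before the filesystem fills up.

# free_kb DIR: print the free kilobytes on the filesystem holding DIR.
free_kb() {
    # -P forces one POSIX-format line per filesystem; column 4 is "Available".
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# space_ok DIR MIN_KB: succeed only if at least MIN_KB kilobytes are free.
space_ok() {
    avail=$(free_kb "$1") || return 1
    [ -n "$avail" ] && [ "$avail" -ge "$2" ]
}

# guarded_capture FILE MIN_KB FILTER...
# Returns 1 if the capture was refused, 2 if it was stopped for lack of
# space, otherwise tcpdump's own exit status.
guarded_capture() {
    file=$1 min_kb=$2
    shift 2
    dir=$(dirname "$file")
    if ! space_ok "$dir" "$min_kb"; then
        echo "refusing to start: under ${min_kb} KB free in $dir" >&2
        return 1
    fi
    # Subshell keeps the tighter umask local; exec makes $! tcpdump's pid.
    # umask 077 keeps the pcap (raw traffic) readable by its owner only.
    ( umask 077; exec tcpdump -qn -w "$file" "$@" ) &
    pid=$!
    while kill -0 "$pid" 2>/dev/null; do
        if ! space_ok "$dir" "$min_kb"; then
            echo "stopping capture: under ${min_kb} KB free in $dir" >&2
            kill "$pid"
            wait "$pid" 2>/dev/null
            return 2
        fi
        sleep "${POLL_SECONDS:-30}"
    done
    wait "$pid"
}
```

Called as `guarded_capture /pathto/xxx.pcap 1048576 dst net 192.168.1.0/24`, it keeps at least 1 GB free on the filesystem holding the capture file.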
