Last updated on November 21, 2020 by Dan Nanni
-roption to read from a packet dump file, I am getting an error from
tcpdumpsaying that "file permission denied". I am getting this error even when I run
tcpdumpwith root privilege. How can I fix this error?
If this problem happens on Ubuntu, it is possible that AppArmor (Ubuntu's access control system) may be interfering with
tcpdump when it attempts to read from a packet dump.
To verify that AppArmor indeeds causes this problem:
$ sudo cat /var/log/syslog | grep denied
Jan 7 10:48:50 server kernel: [1706354.881017] type=1400 audit(1389109730.217:14): apparmor="DENIED" operation="open" parent=26733 profile="/usr/sbin/tcpdump" name="/home/dev/packet.dump" pid=26734 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=0 ouid=1001
To avoid this problem, you can disable the restrictive AppArmor profile for
tcpdump temporarily as follows.
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.tcpdump
If you want to disable the AppArmor profile permanently across reboots, refer to this tutorial.
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.