NetBSD-Users archive


Re: Is it safe to run tcpdump?



On Sat, Mar 05, 2011 at 04:10:18AM -0800, erikmccaskey64 wrote:
> Is it safe to always run tcpdump on the server, e.g.: like this:
> 
> 
> tcpdump -qn dst net 192.168.1.0/24
> 
> 
> I need it to "audit the network" .. :\

Short answer:
No.

Long answer:
Yes, it is usually safe. But there are a few risks:

1.) Using "tcpdump" without the "-p" option will very likely disrupt
    your network traffic for a few seconds.

2.) Using "tcpdump" will slow down your server which might cause problems.

3.) There is always a chance of a software bug. "tcpdump" had bugs in the
    past (and possibly still has) where it could be crashed by malformed
    packets. That risk affects all packet capture applications. Wireshark
    had a huge number of such bugs in the past.

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/
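
Risk 3 in the reply above is about capture tools crashing on malformed packets. The following is an added example, not part of the original message and not code from tcpdump or Wireshark: a minimal IPv4 header check in C showing the length validation a decoder has to do before it reads any header field. The function name `check_ipv4`, the result codes and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for the hypothetical check_ipv4() below. */
enum { PKT_OK = 0, PKT_TRUNCATED, PKT_BAD_VERSION, PKT_BAD_IHL, PKT_BAD_TOTLEN };

/*
 * Validate an IPv4 header before using any field. caplen is the number of
 * bytes actually captured, which may be less than the header claims (snap
 * length, or a deliberately broken packet). On success *payload_off and
 * *payload_len describe the bytes that are safe to pass to the next decoder.
 */
int check_ipv4(const uint8_t *buf, size_t caplen,
               size_t *payload_off, size_t *payload_len)
{
    if (caplen < 20)                    /* minimum IPv4 header */
        return PKT_TRUNCATED;
    if ((buf[0] >> 4) != 4)
        return PKT_BAD_VERSION;

    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;   /* IHL is in 32-bit words */
    if (hlen < 20)
        return PKT_BAD_IHL;
    if (hlen > caplen)                  /* options run past captured data */
        return PKT_TRUNCATED;

    size_t totlen = ((size_t)buf[2] << 8) | buf[3];
    if (totlen < hlen)                  /* totlen - hlen would underflow */
        return PKT_BAD_TOTLEN;

    /* Never trust the claimed total length beyond what was captured. */
    size_t avail = totlen < caplen ? totlen : caplen;
    *payload_off = hlen;
    *payload_len = avail - hlen;
    return PKT_OK;
}

/* Constructed sample packets (not real traffic). */
static const uint8_t good[24] = { 0x45, 0, 0, 24, 0, 0, 0, 0, 64, 17, 0, 0,
                                  192, 168, 1, 1, 192, 168, 1, 2, 1, 2, 3, 4 };
static const uint8_t big_ihl[20]   = { 0x4f, 0, 0, 60 }; /* IHL 15 = 60 bytes, 20 captured */
static const uint8_t small_len[20] = { 0x45, 0, 0, 8 };  /* total length < header length */

int main(void)
{
    size_t off = 0, len = 0;
    printf("good      -> %d\n", check_ipv4(good, sizeof good, &off, &len));
    printf("big_ihl   -> %d\n", check_ipv4(big_ihl, sizeof big_ihl, &off, &len));
    printf("small_len -> %d\n", check_ipv4(small_len, sizeof small_len, &off, &len));
    return 0;
}
```
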

