NetBSD-Users archive


Re: Is it safe to run tcpdump?



On Sat, Mar 05, 2011 at 14:19:01 +0000, Matthias Scheler wrote:
> 3.) There is always a chance of a software bug. "tcpdump" had bugs in the
>     past (and possibly still has) where it could be crashed by malformed
>     packets. That risk affects all packet capture applications. Wireshark
>     had a huge number of such bugs in the past.


Almost all of these bugs are in the protocol analysis code, not in the
bare packet sniffer itself.  You could run tcpdump -w <dumpfile.pcap>
as root, and then analyse the pcap file off-line (with tcpdump -r,
wireshark or whatever) as an unprivileged user, to contain the risk of
such exploits.


        Geert


-- 
geert.hendrickx.be :: geert%hendrickx.be@localhost :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
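
The capture/analysis split described in the message above, as an added example that is not part of the original post: one script with a root-only capture step and a decode step that refuses to run as root. The interface name, packet limit, dump path and the role_allowed, do_capture and do_analyse helpers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: capture as root, decode as an unprivileged user.
# IFACE, COUNT and PCAP defaults are assumptions, not values from the post.
IFACE="${IFACE:-wm0}"      # assumed interface name
COUNT="${COUNT:-1000}"     # assumed packet limit so the capture terminates
# Assumed root-owned, world-readable directory (avoid world-writable /tmp).
PCAP="${PCAP:-/var/captures/capture.pcap}"

# role_allowed ROLE UID: capturing needs root; decoding must never be root,
# because the protocol analysis code is where the parsing bugs are.
role_allowed() {
    case "$1:$2" in
        capture:0) return 0 ;;
        analyse:0) return 1 ;;
        analyse:[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

do_capture() {
    role_allowed capture "$(id -u)" || { echo "capture must run as root" >&2; return 1; }
    umask 022    # dump file readable, but not writable, by other users
    # -w writes raw packets to the file; nothing is decoded for display here.
    tcpdump -i "$IFACE" -c "$COUNT" -w "$PCAP"
}

do_analyse() {
    role_allowed analyse "$(id -u)" || { echo "refusing to decode as root" >&2; return 1; }
    [ -r "$PCAP" ] || { echo "cannot read $PCAP" >&2; return 1; }
    # -r reads the saved file; -n avoids DNS lookups during off-line analysis.
    tcpdump -n -r "$PCAP"
}

case "${1:-}" in
    capture) do_capture ;;
    analyse) do_analyse ;;
    "") : ;;    # no argument: only define the functions
    *) echo "usage: $0 capture|analyse" >&2; exit 2 ;;
esac
```

Run it once as root with the argument capture, then as an ordinary user with the argument analyse.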

