When I try to dump some traffic on my vserver's network interface, I get an error that I'm not allowed to do that:

```
# tcpdump -p -i eth0
tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)
```

I guess the problem is that my server provider seems to use a virtualization solution with shared Linux kernel (uname returns "2.6.33.7-vs2.3.0.36.30.4-netcup" as version).

Any way that allows me to dump outgoing traffic from a single process?

AndiDog
  • Any "real" hypervisor-powered VPS would allow this, so I'm guessing that you're on a pseudo VPS, probably running under OpenVZ or the like, which doesn't give users access to this type of device. – EEAA Feb 23 '12 at 00:13
  • @ErikA: Yes, that's what I meant. As I found out now, the provider uses Linux-VServer for virtualization. (Did I use the wrong term with "VPS"?) – AndiDog Feb 23 '12 at 10:21

1 Answer

You could try using the strace command to trace the system calls your application is making. Something like this:

```
strace -o trace -e trace=read,write -s 8192 /path/to/my/command
```

This will launch /path/to/my/command under control of strace. It will log all read and write system calls (so not just network traffic, but any other i/o) to a file called trace. It will log up to 8192 characters for each read/write call.

This may or may not be helpful for your current situation.

larsks
  • That's a nice solution, and I can simply filter it with `grep`. As a hint: One may also want to add "send,sendto" to the tracing (for outgoing packets). – AndiDog Feb 23 '12 at 10:27
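
An added example (not part of the original answer or comments): a small Python parser for the `trace` file that the strace command above produces, with `send,sendto` added to the filter as the comment suggests. It rebuilds the bytes actually written per file descriptor, using each call's return value so that partial and failed writes are not counted. The function name `outgoing` and the sample trace are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a trace file written by
#   strace -o trace -e trace=read,write,send,sendto -s 8192 /path/to/my/command
# (not captured from a real system).
SAMPLE_TRACE = r'''read(3, "\177ELF\2\1\1\0"..., 832) = 832
write(1, "connecting\n", 11) = 11
sendto(4, "GET /status HTTP/1.1\r\nHost: example.test\r\n\r\n", 44, MSG_NOSIGNAL, NULL, 0) = 44
read(4, "HTTP/1.1 200 OK\r\n\r\n", 8192) = 19
write(4, "\26\3\1\0\5hello", 10) = 4
send(4, "dropped", 7, 0) = -1 EAGAIN (Resource temporarily unavailable)
'''

# name(fd, "escaped string"[...], other args) = return value
CALL_RE = re.compile(
    r'^(?:\d+\s+)?(write|send|sendto)\((\d+), '
    r'"((?:[^"\\]|\\.)*)"(\.\.\.)?,.*\)\s+= (-?\d+)')


def unescape(escaped):
    """Turn strace's C-style escapes (\\n, \\r, octal \\NNN, \\xNN) into raw bytes."""
    return escaped.encode('latin-1').decode('unicode_escape').encode('latin-1')


def outgoing(trace_text):
    """Return ({fd: bytes the kernel accepted}, {fds whose log was cut by -s})."""
    sent, truncated = defaultdict(bytes), set()
    for line in trace_text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue                      # reads, signals, unfinished calls
        _name, fd, escaped, dots, ret = m.groups()
        fd, ret = int(fd), int(ret)
        if ret <= 0:
            continue                      # failed call (e.g. EAGAIN): nothing left the process
        data = unescape(escaped)
        if dots and ret > len(data):
            truncated.add(fd)             # payload longer than the -s limit; raise -s
        sent[fd] += data[:ret]            # a short write sends only the first `ret` bytes
    return dict(sent), truncated


if __name__ == '__main__':
    streams, cut = outgoing(SAMPLE_TRACE)
    for fd, payload in sorted(streams.items()):
        print(fd, '(truncated)' if fd in cut else '', payload)
```

The trace alone does not say which descriptors are sockets; the output is keyed by descriptor number so that the network ones can be picked out by their content.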