I made a patch for tcpdump-3.4 that adds -u parameter. This patch allows tcpdump to drop root privileges after opening socket (like the arpwatch patch). I'm attaching the patch (too many lines to cut and paste). If you notice something wrong with the patch please let me know. Thanks, -Jarno
Created attachment 4934 [details] drop root patch for tcpdump-3.4