I made a patch for tcpdump-3.4 that adds -u parameter. This patch
allows tcpdump to drop root privileges after opening socket (like
the arpwatch patch).
I'm attaching the patch (too many lines to cut and paste). If you notice
something wrong with the patch please let me know.
Created attachment 4934 [details]
drop root patch for tcpdump-3.4