Description: tcpdump starts in non-promiscuous mode by default and changes to promiscuous mode with the -p option, while the documentation (man) still states that -p should be used to start it in NON-promiscuous mode. It breaks a lot of my scripts :( Conclusion: Probably a typo in the code, or a documentation bug at least.
There is an error in Alexey Kuznetsov's tcpdump enhancements for Linux that causes this. Seems he decided that it would be fun to swap the default over. This silently breaks some security tools. In addition the same patch contains an ANK hack that breaks setuid use of tcpdump except for a hardcoded uid 2090. (search for 2090 in the ANK patch in the source rpm, the promisc bug introduction is right by it). Looks like that chunk of ANK stuff wants dropping back to the old (NO_ANK_FIX) edition. Alan
The 2090 setuid problem is fixed in tcpdump-3.4-17 from Raw Hide.
Marked as fixed, so closing the bug.
Only the 2090 problem has been fixed; the documentation needs to be updated. (The behavior is not going to change. A shell wrapper to diddle the -p flag and supply -i eth0 is trivial, and will preserve the Good Ol' tcpdump behavior.)
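A sketch of the wrapper mentioned in the comment above, as an added example (not code from this bug report or from the tcpdump package). It assumes the patched behavior reported here (no -p means non-promiscuous, -p means promiscuous) and the option letters of the tcpdump 3.4 synopsis; the function names, the `TCPDUMP` and `DEFAULT_IFACE` variables, and the choice to leave `-r` (offline) runs untouched are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes the patched Linux build
# described above: no -p = non-promiscuous, -p = promiscuous. Option letters
# are an assumption taken from the tcpdump 3.4 synopsis; -r handling is ours.
DEFAULT_IFACE=${DEFAULT_IFACE:-eth0}   # interface named in the comment above

print_args() { printf '%s\n' "$@"; }   # dry-run helper: TCPDUMP=print_args

# Accepts options as the man page documents them and runs the patched binary
# with -p inverted and -i supplied when the caller gave none.
tcpdump_classic() {
    promisc=1 iface=0 offline=0 opts=1 n=$#
    while [ "$n" -gt 0 ]; do
        a=$1; shift; n=$((n - 1))
        case "$opts,$a" in
            1,--) opts=0; set -- "$@" "$a"; continue ;;
            1,-?*) ;;                                # option cluster: parse below
            *) opts=0; set -- "$@" "$a"; continue ;; # filter expression: copy as-is
        esac
        rest=${a#-}
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}; rest=${rest#?}    # peel off one option letter
            case $c in
                p) promisc=0 ;;                      # documented meaning: NOT promiscuous
                c|F|i|r|s|T|w)                       # options that take a value
                    if [ -z "$rest" ] && [ "$n" -gt 0 ]; then
                        rest=$1; shift; n=$((n - 1))
                    fi
                    case $c in i) iface=1 ;; r) offline=1 ;; esac
                    set -- "$@" "-$c" "$rest"; rest= ;;
                *) set -- "$@" "-$c" ;;
            esac
        done
    done
    if [ "$offline" -eq 0 ]; then                    # live capture only
        if [ "$promisc" -eq 1 ]; then set -- -p "$@"; fi
        if [ "$iface" -eq 0 ]; then set -- -i "$DEFAULT_IFACE" "$@"; fi
    fi
    "${TCPDUMP:-tcpdump}" "$@"
}
```

Scripts written against the man page can call `tcpdump_classic` unchanged; point `TCPDUMP` at the real binary if the wrapper itself is installed under the name `tcpdump`.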
*** Bug 9945 has been marked as a duplicate of this bug. ***
Fixed (by updating man page) in tcpdump-3.4-22.