tcpdump starts in non promiscuous mode by default and
changes to promiscuous mode with -p option while
documentation (man) still states that -p should be used to
start it in NON promiscuous mode.
It breaks a lot of my scripts :(
Probably a typo in a code or documentation bug at least.
There is an error in Alexey Kuznetsov's tcpdump enhancements for Linux that
causes this. Seems he decided that it would be fun to swap the default over.
This silently breaks some security tools. In addition the same patch contains
an ANK hack that breaks setuid use of tcpdump except for a hardcoded uid 2090.
(search for 2090 in the ANK patch in the source rpm, the promisc bug
introduction is right by it). Looks like that chunk of ANK stuff wants dropping
back to the old (NO_ANK_FIX) edition.
The 2090 setuid problem is fixed in tcpdump-3.4-17 from Raw Hide.
Marked as fixed, so closing the bug.
Only the 2090 problem has been fixed, the documentation needs to be updated
(the behavior is not going to change. A shell wrapper to diddle the -p flag
and supply -i eth0 is trivial, and will preserve the Good Ol' tcpdump behavior).
*** Bug 9945 has been marked as a duplicate of this bug. ***
Fixed (by updating man page) in tcpdump-3.4-22.