All My Brain Where stuff from my brain lands

October 11, 2007

Using tcpdump on a linux-vserver guest

Filed under: System Administration — Tags: , — Dennis @ 10:59 am

To debug a problem I’m working on, I need to be able to see network traffic on an interface inside a linux-vserver guest. To do this, you have to enable the CAP_NET_RAW capability for that guest.
> echo "NET_RAW" >> /etc/vservers/myserver/bcapabilities

Then just restart the vserver.
I noticed you don’t have to enable NET_ADMIN, or unhide the interfaces. I’m not sure if there is much of a security risk on having NET_RAW enabled or not. You can always disable and restart after you’re done with tcpdump.

Powered by WordPress

%d bloggers like this: