This is a discussion on TCPDUMP - safe to install/uninstall on production system? within the Debian Linux support forums, part of the Debian Linux category.
So I've been working on a site that accepts credit card payments. I'm being super paranoid about security and want to make absolutely certain that all communications with the payment gateway are encrypted so I'm installing TCPDUMP so I can sniff the packets and make sure they're all encrypted.

I'm running Debian Sarge and tried this:

Code:
    server:/# apt-get install tcpdump
    Reading Package Lists... Done
    Building Dependency Tree... Done
    The following extra packages will be installed:
      libc6 libc6-dev libpcap0.8 libssl0.9.8 locales tzdata
    Suggested packages:
      glibc-doc
    The following packages will be REMOVED:
      base-config initrd-tools kernel-image-2.6.8-2-386
    The following NEW packages will be installed:
      libssl0.9.8 tcpdump tzdata
    The following packages will be upgraded:
      libc6 libc6-dev libpcap0.8 locales
    4 upgraded, 3 newly installed, 3 to remove and 294 not upgraded.
    Need to get 14.9MB of archives.
    After unpacking 34.3MB disk space will be freed.
    Do you want to continue? [Y/n]

tells me that it's the current kernel too:

Code:
    server:/# uname -r
    2.6.8-2-386

doing monetary transactions. If I install tcpdump does that introduce any vulnerabilities? Can I uninstall it? What about promiscuous mode? Is that always on? If I uninstall is everything 'back to normal' or will my server be forever a promiscuous network slut?
zardozrocks wrote:

> So I've been working on a site that accepts credit card payments. I'm
> being super paranoid about security and want to make absolutely
> certain that all communications with the payment gateway are encrypted
> so I'm installing TCPDUMP so I can sniff the packets and make sure
> they're all encrypted.
>
> I'm running Debian Sarge and tried this:
> Code:
> server:/# apt-get install tcpdump
> Reading Package Lists... Done
> Building Dependency Tree... Done
> The following extra packages will be installed:
>   libc6 libc6-dev libpcap0.8 libssl0.9.8 locales tzdata
> Suggested packages:
>   glibc-doc
> The following packages will be REMOVED:
>   base-config initrd-tools kernel-image-2.6.8-2-386
> The following NEW packages will be installed:
>   libssl0.9.8 tcpdump tzdata
> The following packages will be upgraded:
>   libc6 libc6-dev libpcap0.8 locales
> 4 upgraded, 3 newly installed, 3 to remove and 294 not upgraded.
> Need to get 14.9MB of archives.
> After unpacking 34.3MB disk space will be freed.
> Do you want to continue? [Y/n]

Looks like you have a different version of Debian specified in your /etc/apt/sources.list than the version you are running. Or perhaps your sources.list refers to 'stable' and you are running 'sarge' which has now been replaced? Try changing all references in sources.list from stable to sarge, apt-get update and try again. If this works, consider upgrading the machine to etch or not.

> If I install tcpdump does that introduce
> any vulnerabilities?

No.

> Can I uninstall it?

Yes.

> What about promiscuous
> mode? Is that always on? If I uninstall is everything 'back to
> normal' or will my server be forever a promiscuous network slut?

Promiscuous mode will only be enabled whilst you are running tcpdump - quit the program and the interface will be switched back to normal.
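The two practical points in the thread, an apt run that wants to pull out the running kernel and promiscuous mode being set only while tcpdump runs, as a pair of pre-flight checks in shell. This is an added example, not code from the thread, from Debian or from tcpdump; it assumes a Linux host with awk and sysfs (/sys/class/net), the function names are my own, and the apt transcript embedded below is a constructed sample copied from the paste above. `apt-get -s` (simulate) is the real flag for a dry run; IFF_PROMISC is bit 0x100 of the interface flags word that the kernel exposes in sysfs.

```shell
#!/bin/sh
# Added example (not from the thread or from Debian): two pre-flight checks a
# careful admin would run around installing tcpdump on a box that handles
# payments. Assumes Linux with awk and sysfs; function names are hypothetical.

# --- Check 1: would the install remove the running kernel? -------------------
# Pipe in the output of a simulated install, e.g.
#     apt-get -s install tcpdump | apt_would_remove_running_kernel "$(uname -r)"
# Exit status 0 means the REMOVED list names the image package for the running
# kernel release (the situation in the thread); 1 means it does not.
apt_would_remove_running_kernel() {
    running="$1"
    # Keep only the package names listed under the REMOVED header, stopping at
    # the next "The following ..." header or the "N upgraded, ..." summary.
    removed=$(awk '
        /^The following packages will be REMOVED:/ { grab = 1; next }
        /^The following/ || /^[0-9]+ upgraded/      { grab = 0 }
        grab { print }
    ')
    for pkg in $removed; do
        case "$pkg" in
            # kernel-image-* is the sarge-era name, linux-image-* the later one.
            kernel-image-"$running"|linux-image-"$running") return 0 ;;
        esac
    done
    return 1
}

# --- Check 2: is an interface in promiscuous mode right now? -----------------
# /sys/class/net/<if>/flags holds the interface flags as a hex word; the
# IFF_PROMISC bit is 0x100. tcpdump sets it on start and clears it on exit,
# so after quitting tcpdump this should report "not promiscuous".
flags_is_promisc() {
    # Pure helper on a hex flags word, so the bit test can be checked without sysfs.
    [ $(( $1 & 0x100 )) -ne 0 ]
}

iface_is_promisc() {
    flags_is_promisc "$(cat "/sys/class/net/$1/flags")"
}

# Constructed sample: the apt-get transcript pasted in the thread.
SAMPLE_APT_OUTPUT='Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  libc6 libc6-dev libpcap0.8 libssl0.9.8 locales tzdata
Suggested packages:
  glibc-doc
The following packages will be REMOVED:
  base-config initrd-tools kernel-image-2.6.8-2-386
The following NEW packages will be installed:
  libssl0.9.8 tcpdump tzdata
The following packages will be upgraded:
  libc6 libc6-dev libpcap0.8 locales
4 upgraded, 3 newly installed, 3 to remove and 294 not upgraded.'

# Stand-alone demonstration: check 1 against the sample for the kernel release
# from the thread, then check 2 against loopback when sysfs is available.
if printf '%s\n' "$SAMPLE_APT_OUTPUT" | apt_would_remove_running_kernel 2.6.8-2-386; then
    echo "install would remove the running kernel: stop and fix sources.list first"
else
    echo "running kernel is not on the REMOVED list"
fi
if [ -r /sys/class/net/lo/flags ]; then
    if iface_is_promisc lo; then echo "lo: promiscuous"; else echo "lo: not promiscuous"; fi
fi
```

On a real box the first check is run against `apt-get -s install tcpdump` before answering the `[Y/n]` prompt, and the second against the interface tcpdump captured on, once before starting it and once after quitting it, to confirm the flag has been cleared. The awk filter stops at the next header, so packages listed under "NEW" or "upgraded" are never mistaken for removals.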