TCPDUMP - safe to install/uninstall on production system? - Debian

This is a discussion on TCPDUMP - safe to install/uninstall on production system? - Debian ; So I've been working on a site that accepts credit card payments. I'm being super paranoid about security and want to make absolutely certain that all communications with the payment gateway are encrypted so I'm installing TCPDUMP so I can ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: TCPDUMP - safe to install/uninstall on production system?

  1. TCPDUMP - safe to install/uninstall on production system?

    So I've been working on a site that accepts credit card payments. I'm
    being super paranoid about security and want to make absolutely
    certain that all communications with the payment gateway are encrypted
    so I'm installing TCPDUMP so I can sniff the packets and make sure
    they're all encrypted.

    I'm running Debian Sarge and tried this:
    Code:
    server:/# apt-get install tcpdump
    Reading Package Lists... Done
    Building Dependency Tree... Done
    The following extra packages will be installed:
    libc6 libc6-dev libpcap0.8 libssl0.9.8 locales tzdata
    Suggested packages:
    glibc-doc
    The following packages will be REMOVED:
    base-config initrd-tools kernel-image-2.6.8-2-386
    The following NEW packages will be installed:
    libssl0.9.8 tcpdump tzdata
    The following packages will be upgraded:
    libc6 libc6-dev libpcap0.8 locales
    4 upgraded, 3 newly installed, 3 to remove and 294 not upgraded.
    Need to get 14.9MB of archives.
    After unpacking 34.3MB disk space will be freed.
    Do you want to continue? [Y/n]
    This says the kernel will be removed which makes me nervous. uname-r
    tells me that it's the current kernel too:
    Code:
    server:/# uname -r
    2.6.8-2-386
    Does that sound normal? Remember that this server is going to be
    doing monetary transactions. If I install tcpdump does that introduce
    any vulnerabilities? Can I uninstall it? What about promiscuous
    mode? Is that always on? If I uninstall is everything 'back to
    normal' or will my server be forever a promiscuous network slut?


  2. Re: TCPDUMP - safe to install/uninstall on production system?

    zardozrocks wrote:
    > So I've been working on a site that accepts credit card payments. I'm
    > being super paranoid about security and want to make absolutely
    > certain that all communications with the payment gateway are encrypted
    > so I'm installing TCPDUMP so I can sniff the packets and make sure
    > they're all encrypted.
    >
    > I'm running Debian Sarge and tried this:
    >
    Code:
    > server:/# apt-get install tcpdump
    > Reading Package Lists... Done
    > Building Dependency Tree... Done
    > The following extra packages will be installed:
    >  libc6 libc6-dev libpcap0.8 libssl0.9.8 locales tzdata
    > Suggested packages:
    >  glibc-doc
    > The following packages will be REMOVED:
    >  base-config initrd-tools kernel-image-2.6.8-2-386
    > The following NEW packages will be installed:
    >  libssl0.9.8 tcpdump tzdata
    > The following packages will be upgraded:
    >  libc6 libc6-dev libpcap0.8 locales
    > 4 upgraded, 3 newly installed, 3 to remove and 294 not upgraded.
    > Need to get 14.9MB of archives.
    > After unpacking 34.3MB disk space will be freed.
    > Do you want to continue? [Y/n]
    >


    Looks like you have a different version of Debian specified in your
    /etc/apt/sources.list than the version you are running.

    Or perhaps your sources.list refers to 'stable' and you are running
    'sarge' which has now been replaced? Try changing all references in
    sources.list from stable to sarge, apt-get update and try again. If this
    works, consider upgrading the machine to etch or not.

    > If I install tcpdump does that introduce
    > any vulnerabilities?


    No.

    > Can I uninstall it?


    Yes.

    > What about promiscuous
    > mode? Is that always on? If I uninstall is everything 'back to
    > normal' or will my server be forever a promiscuous network slut?


    Promiscuous mode will only be enabled whilst you are running tcpdump -
    quit the program and the interface will be switched back to normal.

+ Reply to Thread