So I've been working on a site that accepts credit card payments. I'm
being super paranoid about security and want to make absolutely
certain that all communications with the payment gateway are encrypted
so I'm installing TCPDUMP so I can sniff the packets and make sure
they're all encrypted.
I'm running Debian Sarge and tried this:
This says the kernel will be removed which makes me nervous. uname-r
server:/# apt-get install tcpdump
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
libc6 libc6-dev libpcap0.8 libssl0.9.8 locales tzdata
The following packages will be REMOVED:
base-config initrd-tools kernel-image-2.6.8-2-386
The following NEW packages will be installed:
libssl0.9.8 tcpdump tzdata
The following packages will be upgraded:
libc6 libc6-dev libpcap0.8 locales
4 upgraded, 3 newly installed, 3 to remove and 294 not upgraded.
Need to get 14.9MB of archives.
After unpacking 34.3MB disk space will be freed.
Do you want to continue? [Y/n]
tells me that it's the current kernel too:
Does that sound normal? Remember that this server is going to be
server:/# uname -r
doing monetary transactions. If I install tcpdump does that introduce
any vulnerabilities? Can I uninstall it? What about promiscuous
mode? Is that always on? If I uninstall is everything 'back to
normal' or will my server be forever a promiscuous network slut?