So I've been working on a site that accepts credit card payments.  I'm
being super paranoid about security and want to make absolutely
certain that all communications with the payment gateway are encrypted
so I'm installing TCPDUMP so I can sniff the packets and make sure
they're all encrypted.

I'm running Debian Sarge and tried this:
[code]
server:/# apt-get install tcpdump
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
libc6 libc6-dev libpcap0.8 libssl0.9.8 locales tzdata
Suggested packages:
glibc-doc
The following packages will be REMOVED:
base-config initrd-tools kernel-image-2.6.8-2-386
The following NEW packages will be installed:
libssl0.9.8 tcpdump tzdata
The following packages will be upgraded:
libc6 libc6-dev libpcap0.8 locales
4 upgraded, 3 newly installed, 3 to remove and 294 not upgraded.
Need to get 14.9MB of archives.
After unpacking 34.3MB disk space will be freed.
Do you want to continue? [Y/n]
[/code]

This says the kernel will be removed which makes me nervous.   uname-r
tells me that it's the current kernel too:
[code]
server:/# uname -r
2.6.8-2-386
[/code]

Does that sound normal?  Remember that this server is going to be
doing monetary transactions.  If I install tcpdump does that introduce
any vulnerabilities?  Can I uninstall it?  What about promiscuous
mode?  Is that always on? If I uninstall is everything 'back to
normal' or will my server be forever a promiscuous network slut?

[ Post a follow-up to this message ]

zardozrocks wrote:
> So I've been working on a site that accepts credit card payments.  I'm
> being super paranoid about security and want to make absolutely
> certain that all communications with the payment gateway are encrypted
> so I'm installing TCPDUMP so I can sniff the packets and make sure
> they're all encrypted.
>
> I'm running Debian Sarge and tried this:
> [code]
> server:/# apt-get install tcpdump
> Reading Package Lists... Done
> Building Dependency Tree... Done
> The following extra packages will be installed:
>  libc6 libc6-dev libpcap0.8 libssl0.9.8 locales tzdata
> Suggested packages:
>  glibc-doc
> The following packages will be REMOVED:
>  base-config initrd-tools kernel-image-2.6.8-2-386
> The following NEW packages will be installed:
>  libssl0.9.8 tcpdump tzdata
> The following packages will be upgraded:
>  libc6 libc6-dev libpcap0.8 locales
> 4 upgraded, 3 newly installed, 3 to remove and 294 not upgraded.
> Need to get 14.9MB of archives.
> After unpacking 34.3MB disk space will be freed.
> Do you want to continue? [Y/n]
> [/code]

Looks like you have a different version of Debian specified in your
/etc/apt/sources.list than the version you are running.

Or perhaps your sources.list refers to 'stable' and you are running
'sarge' which has now been replaced? Try changing all references in
sources.list from stable to sarge, apt-get update and try again. If this
works, consider upgrading the machine to etch or not.

> If I install tcpdump does that introduce
> any vulnerabilities?

No.

> Can I uninstall it?

Yes.

> What about promiscuous
> mode?  Is that always on? If I uninstall is everything 'back to
> normal' or will my server be forever a promiscuous network slut?

Promiscuous mode will only be enabled whilst you are running tcpdump -
quit the program and the interface will be switched back to normal.

[ Post a follow-up to this message ]