Snort mailing list archives
Help? Broken binary(-b) snort-log (pcap_loop: bogus savefile header)
From: "Chr. v. Stuckrad" <stucki () math fu-berlin de>
Date: Mon, 22 Oct 2001 14:37:18 +0200
Hi! Does somebody know, what I can do to 'repair' or 'analyse' a snort-logfile created by logging in binary format, on which tcpdump and snort complain about an 'pcap_loop: bogus savefile header'. I can only read the first few packages, then both programs abort. But I would definitely need to find a few more packages because of an shellcode-alert last weekend... Any Ideas how to edit/analyse/error-ignore/... ??? Thanks, Stucki (new to the list :-) -- Christoph von Stuckrad * * | nickname | <stucki () math fu-berlin de> \ Freie Universitaet Berlin |/_* | 'stucki' | Tel(days):+49 30 838-75 459 | Fachbereich Mathematik, EDV |\ * | if online | Tel(else):+49 30 77 39 6600 | Arnimallee 2-6/14195 Berlin * * | on IRCnet | Fax(alle):+49 30 838-75454 / _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help? Broken binary(-b) snort-log (pcap_loop: bogus savefile header) Chr. v. Stuckrad (Oct 22)