pcap_loop

[Svein Erik Søberg <ses () antares no>]

Hi!

I know this question came up some days ago, so please excuse me for asking again:

I've been logging traffic to binary files using tcpdump. When running these files through Snort, I noticed that Snort 
exited with a signal 3. Running them through tcpdump gave the following error messages:

tcpdump: pcap_loop: bogus savefile headers

and 

tcpdump: pcap_loop: truncated dump file

Also, this message seems to pop up in /var/log/messages each time Snort exits:

localhost modprobe: modprobe: Can't locate module [reading from a

which seems somewhat inconclusive.

tcpdump has previously suggested that there are bad sectors on my disk while logging, but not while logging these 
files. 
I experienced this problem with 2 of 5 logfiles.

I know this isn't really a Snort issue, but chances are that some of you may have experienced this before and can help 
me locate the problem.
I'm running Snort 1.9.0 and tcpdump 3.6.?  on RedHat 8.0.

Thanks in advance,

Svein Erik Søberg


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users