tcpdump mailing list archives
Re: bad dump file format
From: Guy Harris <guy () alum mit edu>
Date: Thu, 3 Jul 2003 13:52:46 -0700
On Thursday, July 3, 2003, at 11:41 AM, majid raissi wrote:
I was given a trace file collected on another machine and I tried to use the -r option to read it but it gives metcpdump: bad dump file format any idea what could be wrong (other than the trace file)
The error message means that the trace file doesn't begin with a magic number that the libpcap with which your tcpdump was built recognizes.
This could be because:1) the trace file on the other machine didn't come from an application that writes files in libpcap format (for example, a capture from from a Sniffer(R));
2) the trace file on the other machine writes them in a libpcap format that the libpcap with which your tcpdump was built doesn't recognize (for example, some Linux distributions wrote files in a non-standard format that wasn't recognized by the standard libpcap until libpcap 0.6);
3) the trace file was copied from the other machine to your machine in a way that destroyed it (for example, FTPing it in ASCII rather than binary mode, although I'd expect that to cause other problems, not that particular problem).
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- bad dump file format majid raissi (Jul 03)
- Re: bad dump file format Guy Harris (Jul 03)