Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Bogus savefile header

From: "Chris Eidem" <jceidem () dexma com>
Date: Thu, 7 Jun 2001 13:56:10 -0500
Hello fellow snorters,

I'm running snort on two interfaces thusly:

snort -A fast -bdIo -c snort.conf -i xl1 -D
snort -A fast -bdIo -c snort.conf -i fxp0 -D

Problem is, when I try to read the log with either command

snort -vdr snort-0607 () 0948 log
or tcpdump -r snort-0607 () 0948 log

I get a packet dump or two and then the line

pcap_loop: bogus savefile header
Exiting...

WTF?  And, more importantly, is it possible to read the dump?  I've
tried it 
with both snort and tcpdump and with ethereal.  No joy there, either.

running it on two unnumbered ethernet cards
OpenBSD 2.8 (stable)
Dell P3-500 128M RAM

Thanks in advance,
Chris

Chris Eidem                        Dexma, Inc.
Network Administrator              7701 York Av. S.
Phone: 952.229.1311                Edina, MN 55435

So, the Buddha walks into a pizza parlor and says,
"Make me one with everything."

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: