Snort mailing list archives
Bogus savefile header
From: "Chris Eidem" <jceidem () dexma com>
Date: Thu, 7 Jun 2001 13:56:10 -0500
Hello fellow snorters, I'm running snort on two interfaces thusly: snort -A fast -bdIo -c snort.conf -i xl1 -D snort -A fast -bdIo -c snort.conf -i fxp0 -D Problem is, when I try to read the log with either command snort -vdr snort-0607 () 0948 log or tcpdump -r snort-0607 () 0948 log I get a packet dump or two and then the line pcap_loop: bogus savefile header Exiting... WTF? And, more importantly, is it possible to read the dump? I've tried it with both snort and tcpdump and with ethereal. No joy there, either. running it on two unnumbered ethernet cards OpenBSD 2.8 (stable) Dell P3-500 128M RAM Thanks in advance, Chris Chris Eidem Dexma, Inc. Network Administrator 7701 York Av. S. Phone: 952.229.1311 Edina, MN 55435 So, the Buddha walks into a pizza parlor and says, "Make me one with everything." _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bogus savefile header Chris Eidem (Jun 07)
- <Possible follow-ups>
- bogus savefile header Todd Ransom (Jun 20)