Re: Error Initializing DAQ PCAP

["Al Lewis (allewi)" <allewi () cisco com>]

Do you have a copy of the pcap that you can share?

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>

From: "Jones, Christopher (Chris) (Maj)" <cajones1 () nps edu<mailto:cajones1 () nps edu>>
Date: Monday, January 30, 2017 at 3:59 PM
To: 'snort-users' <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>>
Subject: [Snort-users] Error Initializing DAQ PCAP

Team,

You all helped me get past my configuration file issues and now I’m trying to analyze a pcap file I have on my computer 
created by wireshark.  I’ve been using the command:

Snort –r c:\snort\pcapfiles\capture –c c:\snort\etc\snort.conf

The resulting error is:  “ERROR: Can’t initialize DAQ pcap (-1) – bad dump file format.”

I’ve looked this issue up online but the fixes seem to be fairly complicated.  Maybe there’s a certain pcap file format 
I need to use…  Thanks for any help you can offer.

Chris


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!