tcpdump mailing list archives

bogus savefile header


From: "Michael L. Artz" <dragon () october29 net>
Date: Wed, 26 Mar 2003 19:41:58 -0500

What could cause tcpdump to output the error 'pcap_loop: bogus savefile header'? I did a little searching, and came up with the fact that tcpdump (or libpcap) might get confused when the data packet's size does not match what tcpdump thinks it is. I have been running a tcpdump audit log to supplement my IDS (snort), which has alerted on several IP packets that seem to be using an unassigned IP protocol. When I attempt to view them from my audit logs, I get the "bogus savefile" error. I am running on a pretty stock RH 7.3 set. Will upgrading libpcap/tcpdump fix the problem?

Thanks
-Mike

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html

