Re: bad dump file format

[Guy Harris <guy () alum mit edu>]

On Thursday, July 3, 2003, at 11:41 AM, majid raissi wrote:

> I was given a trace file collected on another machine and I tried to 
> use the -r option to read it but it gives me
> tcpdump: bad dump file format
> any idea what could be wrong (other than the trace file)

The error message means that the trace file doesn't begin with a magic 
number that the libpcap with which your tcpdump was built recognizes.

This could be because:

	1) the trace file on the other machine didn't come from an application 
that writes files in libpcap format (for example, a capture from from a 
Sniffer(R));

	2) the trace file on the other machine writes them in a libpcap format 
that the libpcap with which your tcpdump was built doesn't recognize 
(for example, some Linux distributions wrote files in a non-standard 
format that wasn't recognized by the standard libpcap until libpcap 
0.6);

	3) the trace file was copied from the other machine to your machine in 
a way that destroyed it (for example, FTPing it in ASCII rather than 
binary mode, although I'd expect that to cause other problems, not that 
particular problem).

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe