tcpdump + pf_ring capture: bogus savefile header

["M. V." <bored_to_death85 () yahoo com>]

hi,

in order to boost capturing performance, i installed PF-Ring for libpcap on 
Debian-6.0 using the link below. i got latest version of pf-ring from svn, and 
recompiled my intel-card's driver to support pf_ring. i didn't get any error or 
problem during the process.

http://www.ntop.org/blog/?p=125

now, when i use tcpdump which is compiled with libpcap-pf_ring to capture 
traffic, it captures with no error or warning and it seems that my capturing 
performance got better (based on capture-file size), but the problem is:

when i open captured file with wireshark or tcpdump itself, i got a weird error 
about bad packets size.

wireshark error:
----------------------
The capture file appears to be damaged or corrupt.
(pcap: File has 3014350264-byte packet, bigger than maximum of 65535)

tcpdump error:
--------------------
tcpdump: pcap_loop: bogus savefile header

i don't know what is the problem, i googled the problem but didn't find anything 
useful. i also posted this on ntop mailing-list, but so far nothing.
so i wanted to ask you guys if anyone has experienced this before or has any 
idea about it. 


thank you.



      -
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.