Ringbuf pcap reading and "bogus savefile header" error

[Tugrul Erdogan <h.tugrul.erdogan () gmail com>]

Hi all,

I have a problem about reading circular ringbuf pcap records.

There is a pcap file which stores last X seconds of packets. And with each
X seconds of a period, a new pcap file is created.

I can successfully read the initial pcap file for X seconds with "tail -n+o
-F <filename> | tcpdump -r - -nn". But when the pcap file is rotated, the
new pcap file causes to "bogus savefile header" from libpcap. I think that
the new pcap file's header section is being tried to parse as packet data.

How can I adapt the libpcap for my needs? I kindly want to take your
opinions.

Best regards,
Tugrul,
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers