[Snort-users] bad dump file format... huh?
dr at ...50...
Tue Nov 14 16:12:21 EST 2000
On Tue, 14 Nov 2000, Roman Danyliw wrote:
> Are you using Redhat Linux? As of version 6.0, Redhat assumed that the
> development effort with libpcap was dead and made changes to
> libpcap (and tcpdump). In particular, these changes surrounded the
> timestamp format and addressed issues with multiple interfaces. As a
> consequence of these modifications, tcpdump-generated files under Redhat
> will not be valid with Snort (any version). Try downloading an
> "unbroken" copy of libpcap/tcpdump from www.tcpdump.org.
Though I haven't tested it... I believe it should be possible to use Ethereal
to convert the file into a useable format, as it can read RedHat and output
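
Added example, not part of the original thread: a Python check that walks a dump file against the standard libpcap savefile layout (24-byte global header, 16-byte record headers) and reports the offset where it stops parsing, which is how a file with altered per-record headers shows up. The sample files are constructed, and the 8 extra bytes per record are a stand-in for a non-standard record header, not the actual Red Hat layout.

```python
import struct

STANDARD_MAGIC = 0xA1B2C3D4  # classic libpcap savefile magic number


def check_pcap(data):
    """Walk data as a standard libpcap file; return (ok, reason, records_read)."""
    if len(data) < 24:
        return False, "shorter than the 24-byte global header", 0
    for endian in ("<", ">"):  # the writer's byte order decides how magic reads
        if struct.unpack(endian + "I", data[:4])[0] == STANDARD_MAGIC:
            break
    else:
        return False, "unknown magic %s" % data[:4].hex(), 0
    _, major, minor, _, _, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:24])
    off, count = 24, 0
    while off < len(data):
        if off + 16 > len(data):
            return False, "truncated record header at offset %d" % off, count
        sec, usec, caplen, wirelen = struct.unpack(
            endian + "IIII", data[off:off + 16])
        # Plausibility checks: a misaligned header usually fails one of these.
        if usec >= 1000000 or caplen > snaplen or caplen > wirelen:
            return False, "implausible record header at offset %d" % off, count
        if off + 16 + caplen > len(data):
            return False, "record at offset %d runs past end of file" % off, count
        off += 16 + caplen
        count += 1
    return True, "standard libpcap %d.%d, linktype %d" % (major, minor, linktype), count


def build_sample(record_extra=b""):
    """Constructed capture: 3 records of 60 zero bytes, optional extra header bytes."""
    out = struct.pack("<IHHiIII", STANDARD_MAGIC, 2, 4, 0, 0, 1514, 1)
    for i in range(3):
        out += struct.pack("<IIII", 974236341 + i, 1000, 60, 60)
        out += record_extra + bytes(60)
    return out


# Constructed stand-in for extra per-record fields (hypothetical layout).
EXTRA = b"\x02\x00\x00\x00\x00\x08\x00\x00"

if __name__ == "__main__":
    print(check_pcap(build_sample()))
    print(check_pcap(build_sample(EXTRA)))
```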