[Snort-users] bad dump file format... huh?

Dragos Ruiu dr at ...50...
Tue Nov 14 16:12:21 EST 2000


On Tue, 14 Nov 2000, Roman Danyliw wrote:
> Are you using Redhat Linux?  As of version 6.0, Redhat assumed that the
> development effort with libpcap was dead and made changes to
> libpcap (and tcpdump).  In particular, these changes surrounded the
> timestamp format and addressed issues with multiple interfaces.  As a
> consequence of these modifications, tcpdump-generated files under Redhat
> will not be valid with Snort (any version).  Try downloading an
> "unbroken" copy of libpcap/tcpdump from www.tcpdump.org.

Though I haven't tested it... I believe it should be possible to use Ethereal
to convert the file into a usable format, as it can read RedHat and output
standard tcpdump....

cheers,
--dr
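
The incompatibility discussed in this message, as an added example (not code from Snort, libpcap, Ethereal, or either poster): a reader that identifies a savefile by its magic number and rewrites patched records into the standard layout. It assumes the patched variant that marks itself with magic 0xa1b2cd34 and appends 8 bytes (interface index, protocol, packet type, pad) to each 16-byte record header; patched files that keep the standard magic are not detected. Function names and the sample capture are constructed for illustration.

```python
import io
import struct

STANDARD_MAGIC = 0xA1B2C3D4   # classic libpcap/tcpdump savefile
MODIFIED_MAGIC = 0xA1B2CD34   # assumed patched variant: 8 extra bytes per record
KINDS = {STANDARD_MAGIC: "standard", MODIFIED_MAGIC: "modified"}

def classify(header):
    """Return (kind, struct byte-order char) for a 24-byte global header."""
    if len(header) < 24:
        raise ValueError("truncated global header")
    for order in ("<", ">"):   # the writer's byte order is not fixed
        magic = struct.unpack(order + "I", header[:4])[0]
        if magic in KINDS:
            return KINDS[magic], order
    raise ValueError("not a pcap savefile")

def to_standard(src, dst):
    """Copy src to dst as a standard savefile; return packets written."""
    ghdr = src.read(24)
    kind, order = classify(ghdr)
    # Version, zone, snaplen and linktype are kept; only the magic changes.
    dst.write(struct.pack(order + "I", STANDARD_MAGIC) + ghdr[4:])
    extra = 8 if kind == "modified" else 0
    count = 0
    while True:
        rec = src.read(16)     # ts_sec, ts_usec, caplen, origlen
        if not rec:
            return count
        if len(rec) < 16:
            raise ValueError("truncated record header")
        caplen = struct.unpack(order + "IIII", rec)[2]
        trailer = src.read(extra)   # dropped: ifindex, protocol, pkt_type, pad
        data = src.read(caplen)
        if len(trailer) < extra or len(data) < caplen:
            raise ValueError("truncated packet record")
        dst.write(rec + data)
        count += 1

def sample_modified():
    """Constructed input: two-packet, little-endian, modified-format capture."""
    out = struct.pack("<IHHiIII", MODIFIED_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, payload in enumerate((b"\xaa" * 14, b"\xbb" * 20)):
        out += struct.pack("<IIII", 974236341 + i, 0, len(payload), len(payload))
        out += struct.pack("<IHBB", 2, 0x0800, 0, 0) + payload
    return out

if __name__ == "__main__":
    print(to_standard(io.BytesIO(sample_modified()), io.BytesIO()), "packets")
```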



