[Snort-users] Bogus savefile header
jceidem at ...2191...
Thu Jun 7 14:56:10 EDT 2001
Hello fellow snorters,
I'm running snort on two interfaces thusly:
snort -A fast -bdIo -c snort.conf -i xl1 -D
snort -A fast -bdIo -c snort.conf -i fxp0 -D
Problem is, when I try to read the log with either command
snort -vdr snort-0607 at ...2192...
or tcpdump -r snort-0607 at ...2192...
I get a packet dump or two and then the line
pcap_loop: bogus savefile header
WTF? And, more importantly, is it possible to read the dump? I've
with both snort and tcpdump and with ethereal. No joy there, either.
running it on two unnumbered ethernet cards
OpenBSD 2.8 (stable)
Dell P3-500 128M RAM
Thanks in advance,
Chris Eidem Dexma, Inc.
Network Administrator 7701 York Av. S.
Phone: 952.229.1311 Edina, MN 55435
So, the Buddha walks into a pizza parlor and says,
"Make me one with everything."
More information about the Snort-users