[Snort-users] Bogus savefile header

Chris Eidem jceidem at ...2191...
Thu Jun 7 14:56:10 EDT 2001

Hello fellow snorters,

I'm running snort on two interfaces thusly:

snort -A fast -bdIo -c snort.conf -i xl1 -D
snort -A fast -bdIo -c snort.conf -i fxp0 -D

Problem is, when I try to read the log with either command

snort -vdr snort-0607 at ...2192...
or tcpdump -r snort-0607 at ...2192...

I get a packet dump or two and then the line

pcap_loop: bogus savefile header

WTF?  And, more importantly, is it possible to read the dump?  I've
tried it 
with both snort and tcpdump and with ethereal.  No joy there, either.

running it on two unnumbered ethernet cards
OpenBSD 2.8 (stable)
Dell P3-500 128M RAM

Thanks in advance,

Chris Eidem                        Dexma, Inc.
Network Administrator              7701 York Av. S.
Phone: 952.229.1311                Edina, MN 55435

So, the Buddha walks into a pizza parlor and says,
"Make me one with everything."

More information about the Snort-users mailing list