[Snort-users] Error trying to read in tcpdump file

Jason Lewis jlewis at ...1831...
Mon Jun 11 22:13:11 EDT 2001

DUH!!.....  It looks like I am not using the same version of libpcap on both

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Jason Lewis
Sent: Monday, June 11, 2001 9:54 PM
To: 'Snort Mailing List'
Subject: [Snort-users] Error trying to read in tcpdump file

        --== Initializing Snort ==--
TCPDUMP file reading mode.
Reading network traffic from "/home/jlewis/snort-0611 at ...2234..." file.
snaplen = 1514
ERROR: OpenPcap() FSM compilation failed:
        unknown data link type 0x71
PCAP command: (null)
Fatal Error, Quitting..

Here is the command I am using.

/usr/local/bin/snort -u snort -g snort -c /etc/snort/snort.conf -r
/home/jlewis/snort-0611 at ...2234...

What am I missing?  I am ftping this from a remote sensor to my db server
and trying to replay the file to populate the db.

Jason Lewis
It's not secure "Because they told me it was secure". The people at the
other end of the link know less about security than you do. And that's

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list