[Snort-users] Help? Broken binary(-b) snort-log (pcap_loop: bogus savefile header)

Chr. v. Stuckrad stucki at ...3882...
Mon Oct 22 05:38:02 EDT 2001


Hi!

Does somebody know, what I can do to 'repair' or 'analyse'
a snort-logfile created by logging in binary format, on which
tcpdump and snort complain about an 'pcap_loop: bogus savefile header'.

I can only read the first few packages, then both programs abort.
But I would definitely need to find a few more packages because
of an shellcode-alert last weekend...

Any Ideas how to edit/analyse/error-ignore/... ???


Thanks,     Stucki (new to the list :-)

-- 
Christoph von Stuckrad       * *  | nickname  | <stucki at ...3882...> \
Freie Universitaet Berlin    |/_* | 'stucki'  | Tel(days):+49 30 838-75 459 |
Fachbereich Mathematik, EDV  |\ * | if online | Tel(else):+49 30 77 39 6600 |
Arnimallee 2-6/14195 Berlin  * *  | on IRCnet | Fax(alle):+49 30 838-75454 /




More information about the Snort-users mailing list