[Snort-users] pcap_loop

Svein Erik Søberg ses at ...7685...
Fri Dec 6 01:52:07 EST 2002


Hi!

I know this question came up some days ago, so please excuse me for asking again:

I've been logging traffic to binary files using tcpdump. When running these files through Snort, I noticed that Snort exited with a signal 3. Running them through tcpdump gave the following error messages:

tcpdump: pcap_loop: bogus savefile headers

and 

tcpdump: pcap_loop: truncated dump file

Also, this message seems to pop up in /var/log/messages each time Snort exits:

localhost modprobe: modprobe: Can't locate module [reading from a

which seems somewhat inconclusive.

tcpdump has previously suggested that there are bad sectors on my disk while logging, but not while logging these files. 
I experienced this problem with 2 of 5 logfiles.

I know this isn't really a Snort issue, but chances are that some of you may have experienced this before and can help me locate the problem.
I'm running Snort 1.9.0 and tcpdump 3.6.?  on RedHat 8.0.

Thanks in advance,

Svein Erik Søberg




More information about the Snort-users mailing list