[Snort-users] tcpdump for [!] WARNING: Not IPv4 datagram! ([ver: 0x5][len: 0xdc05])]
jsage at ...2022...
Mon Jul 22 15:15:04 EDT 2002
On Mon, Jul 22, 2002 at 04:21:09PM -0500, max valdez wrote:
> Ok, I'm having a mayor problem here
> I can see others can read perfectly my tcpdump, but I cant, so what can
> be wrong ?, I changes from RH7.3 libpcap to 0.7.1, recompiled snort and
> still seeing the same error on "snort -v" or reading the dump file.
> Agree is not a router switch problem, but the what is it ?? I'm deeper
> than this morning, help pleas !!
Are you capturing the packets in the first place via snort, or tcpdump?
If tcpdump, try capturing packets with snort -b and adjust your
snort.conf accordingly, if needed..
Compile snort afresh (which I think you have..) and let *it* capture
Then read them back with snort -dv -r [filename]
I do that all the time (in fact I *only* -b binary log..) and I know
"Cowardly refusing to create an empty archive."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
More information about the Snort-users