[Snort-users] Corrupted Frame and Exit

Mike Dillinger miked at ...14531...
Tue Mar 17 13:01:04 EDT 2009

--- Original Message
From: Nathaniel Richmond <nate+snort at ...14258...>
Sent: Monday, March 16, 2009, at 05:06AM PDT (GMT -0700)

NR> If the error is about the libpcap headers, you may not have the
NR> libpcap-dev package installed. It might help to paste the exact
NR> error for the list.

I did/do have libpcap-dev installed.

Here is the error again:
rockenfield:~# tcpdump -vv -i eth3
tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 96 bytes
09:22:26.123716 Broadcast Unknown SSAP 0xe6 > 00:00:00:00:00:00 (oui Ethernet) NetBeui Information, send seq 33, rcv seq 46, Flags [Final], length 4294967282
tcpdump: pcap_loop: corrupted frame on kernel ring mac offset 94 + caplen 428 > frame len 160
26 packets captured
27 packets received by filter
0 packets dropped by kernel

If there is more information you'd like, let me know and I'll gladly post it.

It looks like this is my problem, which was kindly posted by Matthew Babcock:

I am running the amd64 version of the kernel.  I have tried to build libpcap on my own but I'm not the best builder and had some problems.  I will contact the Debian folks and see what's going on.


