[Snort-users] Error Initializing DAQ PCAP

Al Lewis (allewi) allewi at ...589...
Mon Jan 30 17:50:05 EST 2017

Do you have a copy of the pcap that you can share?

Albert Lewis
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...<mailto:allewi at ...589...>

From: "Jones, Christopher (Chris) (Maj)" <cajones1 at ...17771...<mailto:cajones1 at ...17771...>>
Date: Monday, January 30, 2017 at 3:59 PM
To: 'snort-users' <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>
Subject: [Snort-users] Error Initializing DAQ PCAP


You all helped me get past my configuration file issues and now I’m trying to analyze a pcap file I have on my computer created by wireshark.  I’ve been using the command:

Snort –r c:\snort\pcapfiles\capture –c c:\snort\etc\snort.conf

The resulting error is:  “ERROR: Can’t initialize DAQ pcap (-1) – bad dump file format.”

I’ve looked this issue up online but the fixes seem to be fairly complicated.  Maybe there’s a certain pcap file format I need to use…  Thanks for any help you can offer.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170130/db6ed52d/attachment.html>

More information about the Snort-users mailing list