Date: Wed, 29 May 2002 09:30:53 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Lim Wee Guan <weeguan@hem.passagen.se>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Snort producing tcpdump unreadable binary files.
Message-ID: <20020529093053.B94904@xor.obsecurity.org>
In-Reply-To: <20020529210806.A29200@nexus>; from weeguan@hem.passagen.se on Wed, May 29, 2002 at 09:08:06PM +0800
References: <20020529210806.A29200@nexus>
On Wed, May 29, 2002 at 09:08:06PM +0800, Lim Wee Guan wrote:

> However, after a while of logging, snort appears to go "crazy" and
> logs apparently all packets (humongous log files are typical), and if
> I attempt to read the binary file using tcpdump -r, I get this
> message at the end of some valid packets: "tcpdump: pcap_loop: bogus
> savefile header"

I've seen that too; I think it's a problem with the version of pcap we use. I was getting the same problems with plain tcpdump (this is on my PPPoE router system). I'm also seeing snort dying very often inside libpcap. I can't remember if I've tried linking it against the newer version.

This isn't really a security question.

Kris
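An added example, not part of the original message or of libpcap or snort: a small checker that walks a classic pcap savefile and reports the byte offset of the first implausible record header, so the valid prefix of a damaged capture can be kept for analysis. It assumes the classic layout (24-byte global header, 16-byte record headers); treating a captured length larger than the file's snapshot length as "bogus" is an assumption of this sketch, not a statement of libpcap's exact test, and the sample file is constructed.

```python
import struct

# Classic pcap magic in the two byte orders -> struct endianness prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def first_bad_record(data):
    """Walk a pcap savefile; return (good_records, bad_offset, reason).

    bad_offset is None when every record header is plausible.
    """
    if len(data) < 24 or data[:4] not in MAGICS:
        return 0, 0, "bad global header"
    end = MAGICS[data[:4]]
    snaplen = struct.unpack_from(end + "I", data, 16)[0]
    limit = snaplen or 65535            # assumed bound when snaplen is 0
    off, good = 24, 0
    while off < len(data):
        if off + 16 > len(data):
            return good, off, "truncated record header"
        _sec, _usec, caplen, _wirelen = struct.unpack_from(end + "IIII", data, off)
        if caplen > limit:
            return good, off, "caplen %d exceeds snaplen %d" % (caplen, limit)
        if off + 16 + caplen > len(data):
            return good, off, "truncated packet data"
        off += 16 + caplen
        good += 1
    return good, None, "ok"

def _record(payload):
    # Constructed record: fixed timestamp, caplen == wire length.
    return struct.pack("<IIII", 1022689853, 0, len(payload), len(payload)) + payload

def build_sample(corrupt=True):
    """Constructed little-endian savefile: two valid records, then junk."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    body = _record(b"\x00" * 60) + _record(b"\x11" * 42)
    junk = b"\x41" * 16 if corrupt else b""
    return hdr + body + junk

if __name__ == "__main__":
    sample = build_sample()
    good, off, why = first_bad_record(sample)
    print("valid records:", good, "first bad offset:", off, "reason:", why)
    # sample[:off] is a savefile holding only the records that parsed cleanly
    print(first_bad_record(sample[:off]))
```

Writing `data[:bad_offset]` to a new file gives a capture that ends at the last record that parsed cleanly.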
