Re: Snort producing tcpdump unreadable binary files.
From: Kris Kennaway (kris@obsecurity.org)
Date: 05/29/02
- Next message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-02:26.accept"
- Previous message: Lim Wee Guan: "Snort producing tcpdump unreadable binary files."
- In reply to: Lim Wee Guan: "Snort producing tcpdump unreadable binary files."
- Next in thread: John Ruff: "Re: Snort producing tcpdump unreadable binary files."
Date: Wed, 29 May 2002 09:30:53 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Lim Wee Guan <weeguan@hem.passagen.se>
On Wed, May 29, 2002 at 09:08:06PM +0800, Lim Wee Guan wrote:
> However, after a while of logging, snort appears to go "crazy" and
> logs apparently all packets (humongous log files are typical), and if
> I attempt to read the binary file using tcpdump -r, I get this
> message at the end of some valid packets: "tcpdump: pcap_loop: bogus
> savefile header"
I've seen that too; I think it's a problem with the version of pcap we
use. I was getting the same problems with plain tcpdump (this is on
my PPPoE router system).
I'm also seeing snort dying very often inside libpcap. I can't
remember if I've tried linking it against the newer version.
This isn't really a security question.
Kris