Subject: Re: [Snort-users] bad dump file format... huh?
From: Dragos Ruiu (dr dursec.com)
Date: Tue Nov 14 2000 - 15:12:21 CST
On Tue, 14 Nov 2000, Roman Danyliw wrote:
> Are you using Redhat Linux? As of version 6.0, Redhat assumed that the
> development effort with libpcap was dead and made changes to
> libpcap (and tcpdump). In particular, these changes surrounded the
> timestamp format and addressed issues with multiple interfaces. As a
> consequence of these modifications, tcpdump-generated files under Redhat
> will not be valid with Snort (any version). Try downloading an
> "unbroken" copy of libpcap/tcpdump from www.tcpdump.org.
> >
Though I haven't tested it... I believe it should be possible to use Ethereal
to convert the file into a usable format, as it can read RedHat and output
standard tcpdump....
cheers,
--dr
_______________________________________________
Snort-users mailing list
Snort-users lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users
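
Added example (not part of the original messages, and not Snort or libpcap code): a Python check for the problem discussed in this thread, which reads a capture's magic number and tests which per-packet header size parses cleanly, since a patched libpcap can pad every record header while still writing the standard magic. The magic 0xa1b2cd34 and the 24/28-byte header sizes are assumptions taken from the patched-libpcap layouts that Wireshark's libpcap reader handles, not from this thread; `diagnose`, `tiles_file` and `build` are hypothetical names and the sample captures are constructed in memory.

```python
import struct

STD_MAGIC = 0xA1B2C3D4   # classic libpcap savefile magic
MOD_MAGIC = 0xA1B2CD34   # magic written by some patched libpcap builds (assumption)
GLOBAL_HDR = 24          # bytes before the first packet record
# Candidate per-packet header sizes for each magic (assumption, see lead-in):
# 16 = standard, 24/28 = standard fields plus interface/protocol extras.
CANDIDATES = {STD_MAGIC: (16, 24), MOD_MAGIC: (24, 28)}

def tiles_file(data, endian, hdr_len, snaplen):
    """True if records with hdr_len-byte headers cover the file exactly."""
    off = GLOBAL_HDR
    while off < len(data):
        if off + hdr_len > len(data):
            return False                      # truncated record header
        _sec, usec, incl, orig = struct.unpack_from(endian + "IIII", data, off)
        if usec >= 1_000_000 or incl > orig or incl > snaplen:
            return False                      # implausible record: wrong layout
        off += hdr_len + incl
    return off == len(data) and off > GLOBAL_HDR

def diagnose(data):
    """Return (magic, [record header sizes that parse the whole file])."""
    if len(data) < GLOBAL_HDR:
        raise ValueError("too short for a pcap global header")
    for endian in "<>":                       # try little-, then big-endian
        magic, = struct.unpack_from(endian + "I", data, 0)
        if magic in CANDIDATES:
            break
    else:
        raise ValueError("unrecognised magic number")
    snaplen, = struct.unpack_from(endian + "I", data, 16)
    fits = [n for n in CANDIDATES[magic] if tiles_file(data, endian, n, snaplen)]
    return magic, fits

def build(magic, extra, packets, endian="<"):
    """Constructed sample capture; extra = bytes appended to each record header."""
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 96, 1)
    for i, payload in enumerate(packets):
        out += struct.pack(endian + "IIII", 974236341 + i, 1000 * i,
                           len(payload), len(payload))
        out += extra + payload
    return out

if __name__ == "__main__":
    pkts = [b"\xab" * 60, b"\xab" * 42, b"\xab" * 74]   # constructed payloads
    print(diagnose(build(STD_MAGIC, b"", pkts)))        # unmodified file
    print(diagnose(build(STD_MAGIC, bytes(8), pkts)))   # padded records, standard magic
```

A file that reports the standard magic but only fits the 24-byte header is the kind a stock reader will reject or misparse; an empty list means neither layout fits and the file is likely truncated or corrupt.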