Hello fellow snorters,

I'm running snort on two interfaces thusly:

snort -A fast -bdIo -c snort.conf -i xl1 -D
snort -A fast -bdIo -c snort.conf -i fxp0 -D

Problem is, when I try to read the log with either command

snort -vdr snort-06070948.log
or tcpdump -r snort-06070948.log

I get a packet dump or two and then the line

pcap_loop: bogus savefile header
Exiting...

WTF? And, more importantly, is it possible to read the dump? I've
tried it
with both snort and tcpdump and with ethereal. No joy there, either.

running it on two unnumbered ethernet cards
OpenBSD 2.8 (stable)
Dell P3-500 128M RAM

Thanks in advance,
Chris

Chris Eidem Dexma, Inc.
Network Administrator 7701 York Av. S.
Phone: 952.229.1311 Edina, MN 55435

So, the Buddha walks into a pizza parlor and says,
"Make me one with everything."

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]