hi, in order to boost capturing performance, i installed PF-Ring for libpcap on Debian-6.0 using the link below. i got latest version of pf-ring from svn, and recompiled my intel-card's driver to support pf_ring. i didn't get any error or problem during the process.
http://www.ntop.org/blog/?p=125 now, when i use tcpdump which is compiled with libpcap-pf_ring to capture traffic, it captures with no error or warning and it seems that my capturing performance got better (based on capture-file size), but the problem is: when i open captured file with wireshark or tcpdump itself, i got a weird error about bad packets size. wireshark error: ---------------------- The capture file appears to be damaged or corrupt. (pcap: File has 3014350264-byte packet, bigger than maximum of 65535) tcpdump error: -------------------- tcpdump: pcap_loop: bogus savefile header i don't know what is the problem, so i wanted to ask if anyone has experienced this before or has any idea about it. thank you.
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
