It could be that the last buffer hasn't been written to disk or isn't initialized to zeros and tcpdump is trying to read that garbage.
Causing a graceful shutdown of ntop will close the files. That should work... -----Burton > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > [EMAIL PROTECTED] > Sent: Friday, August 27, 2004 5:00 AM > To: [EMAIL PROTECTED] > Subject: [Ntop] reading 'suspicious' and 'other' packets > > > Hi, > > I'm trying to read the ntop-suspicious-pkts.dev[if].pcap and > ntop-other-pkts.[if].pcap files using > > tcpdump -r [filename] > > which is reporting 'tcpdump: pcap_loop: truncated dump file'. > > I've tried opening these files in ethereal as well, and that chokes > with: > > The capture file appears to be damaged or corrupt. > (pcap: File has 203949056-byte packet, bigger than maximum of 65535) > > Anyone got any ideas/seen this before? Do I need to kill ntop before > these files will be readable? > > Mat > > ----------------------------------------------- > UK IPv6 Deployment Conference > 24th September 2004, Manchester, UK > http://www.uk.ipv6tf.org/events/manchester.html > ----------------------------------------------- > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
