On Thu, Sep 19, 2002 at 10:06:15AM +1000, Tao Peng wrote:
> Dear All:
>
> Does anyone know what is the reason to cause the following error:
> tcpdump: pcap_loop: bogus savefile header
A bogus savefile header. :-)
In particular, if a packet has a captured-data length greater than
the snapshot length recorded in the header of the capture file and
greater than 65535, that error will be reported.
> I download some files from the web, some works fine with tcpdump but
> for some file the above error message comes out following several valid
> IP packets.
Perhaps either
1) the file you downloaded was somehow corrupt
or
2) the process of downloading it mangled it (e.g., some tool
thinking it needs to convert CR/LF to LF).
> Another error happens as following if I run the following command
> /usr/sbin/tcpdump -F filter -n -r inside1fri.tcpdump.gz|perl justip.pl
> |sort -u > ipinside1fri.txt
>
> tcpdump: pcap_loop: truncated dump file
Well, if "inside1fri.tcpdump.gz" is, as the name suggests, gzipped, that
won't work in standard versions of tcpdump linked with standard versions
of libpcap - they can't read gzipped files. You'd have to do
gzcat inside1fri.tcpdump.gz | /usr/sbin/tcpdump -F filter -n -r - |
perl justip.pl | sort -u > ipinside1fri.txt
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
