Re: tcptrace-bugs PCAP error: 'bogus savefile header' version 6.6.1

From: Joshua Blanton (
Date: 05/03/05

Date: Tue, 3 May 2005 18:27:49 -0400
From: Joshua Blanton <>
Subject: Re: tcptrace-bugs PCAP error: 'bogus savefile header' version 6.6.1
Message-ID: <>

Robb Wroblewski wrote:
> I receive the following error whenever I try to read in files from tcpdump
> this was the tcpdump command I used to capture
> tcpdump -elni eth-s1p3 -s100 -w /tmp/outfile.cap
> Here is the output. Including the error
> tcptrace ./ring.20050429093656
> 1 arg remaining, starting with './ring.20050429093656'
> Ostermann's tcptrace -- version 6.6.1 -- Wed Nov 19, 2003
> PCAP error: 'bogus savefile header'
> 0 packets seen, 0 TCP packets traced
> elapsed wallclock time: 0:00:00.002034, 0 pkts/sec analyzed
> trace file elapsed time: 0:00:00.000000
> no traced TCP packets

Hm, since that's an error from libpcap, there really isn't much that
we can do about it - the question is, what causes libpcap to create
that error? You didn't say what platform you were on, which might
help debugging... It sounds like the machine that you ran tcpdump on
has an incompatible libpcap from the machine that you ran tcptrace on;
is this possible?


Those who beat their swords into plowshares usually end up plowing for
those who didn't.
	-- Ben Franklin

This archive was generated by hypermail 2.1.7 : 05/04/05 EDT