From: Robb Wroblewski (email@example.com)
Message-ID: <firstname.lastname@example.org> Date: Wed, 4 May 2005 10:54:34 -0400 From: Robb Wroblewski <email@example.com> Subject: Re: tcptrace-bugs PCAP error: 'bogus savefile header' version 6.6.1
After doing some more research ( google ) I found threads of
incompatibility. I also am unable to straight tcpdump the files
anymore. It is a gentoo box and I am looking into what changes the SA
may have made. Thank you for your quick response. I will let you know
if I come up with a resolution so you can add to FAQ if you wanted
even though it's not specific to your application. Looks like it's a
really slick app so I will invest some time into trying to get it
On 5/3/05, Joshua Blanton <firstname.lastname@example.org> wrote:
> Robb Wroblewski wrote:
> > I receive the following error whenever I try to read in files from tcpdump
> > this was the tcpdump command I used to capture
> > tcpdump -elni eth-s1p3 -s100 -w /tmp/outfile.cap
> > Here is the output. Including the error
> > tcptrace ./ring.20050429093656
> > 1 arg remaining, starting with './ring.20050429093656'
> > Ostermann's tcptrace -- version 6.6.1 -- Wed Nov 19, 2003
> > PCAP error: 'bogus savefile header'
> > 0 packets seen, 0 TCP packets traced
> > elapsed wallclock time: 0:00:00.002034, 0 pkts/sec analyzed
> > trace file elapsed time: 0:00:00.000000
> > no traced TCP packets
> Hm, since that's an error from libpcap, there really isn't much that
> we can do about it - the question is, what causes libpcap to create
> that error? You didn't say what platform you were on, which might
> help debugging... It sounds like the machine that you ran tcpdump on
> has an incompatible libpcap from the machine that you ran tcptrace on;
> is this possible?
> Those who beat their swords into plowshares usually end up plowing for
> those who didn't.
> -- Ben Franklin
This archive was generated by hypermail 2.1.7 : 05/04/05 EDT