Hi,

When trying to read in a pcap dump, I am getting this error in my logs during startup:

Jul 31 08:16:40 ntop ntop[1616]: THREADMGMT[t3033672592]: NPS(/usr/local/var/ntop/tmp.eth2.pcap): pcapDispatch thread running [p1616]
Jul 31 08:16:40 ntop ntop[1616]: **ERROR** Reading packets on device 0 (/usr/local/var/ntop/tmp.eth2.pcap): 'bogus savefile header'
Jul 31 08:16:40 ntop ntop[1616]: THREADMGMT[t3033672592]: NPS(/usr/local/var/ntop/tmp.eth2.pcap): pcapDispatch thread terminated [p1616]

Ntop starts, but there is no data despite the pcap being close to 400MB. Googling, it seems like this might be caused by a bad captured packet or perhaps the version of libpcap not logging in a standard format? But I didn't know if someone else had seen the error. It didn't seem like there were other command line options I should be using when capturing or reading in the pcap dump.

I was logging with this command:

/usr/local/bin/ntop -u ntop -o -m 192.168.1.0/24,216.237.100.128/25 -i eth2 -l /tmp

And reading with this:

/usr/local/bin/ntop -u ntop -o -L -m 192.168.1.0/24,xxx.xxx.xxx.xxx/25 -f /usr/local/var/ntop/tmp.eth2.pcap -w 0 -W 443 -t 5 -d

The machine is CentOS 5.3, 32 bit
libpcap-0.9.4-14.el5
ntop v.3.3.10 [i686-redhat-linux-gnu]

Thanks,
James
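
One way to test the two causes guessed at above (a non-standard file header or a bad packet record) is to walk the savefile's headers directly. The following is an added example, not part of the original post and not ntop or libpcap code; the names `check_savefile` and `constructed_sample` are hypothetical, and the 65535-byte `MAX_CAPLEN` limit is an assumed sanity bound.

```python
import io
import struct

# First four bytes read as a little-endian integer -> byte order of the file.
# Covers the microsecond and nanosecond variants of the classic pcap format.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}
MAX_CAPLEN = 65535  # assumed sanity limit for one record's captured length


def check_savefile(f):
    """Walk a classic pcap file object; return (ok, message, records_read)."""
    size = f.seek(0, io.SEEK_END)
    f.seek(0)
    head = f.read(24)
    if len(head) < 24:
        return False, "shorter than the 24-byte global header", 0
    order = MAGICS.get(struct.unpack("<I", head[:4])[0])
    if order is None:
        return False, "unknown magic number " + head[:4].hex(), 0
    major, minor, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", head[4:])
    count = 0
    while f.tell() < size:
        at = f.tell()
        rec = f.read(16)  # ts_sec, ts_frac, caplen, wirelen
        if len(rec) < 16:
            return False, "truncated record header at offset %d" % at, count
        _sec, _frac, caplen, _wirelen = struct.unpack(order + "IIII", rec)
        if caplen > MAX_CAPLEN:
            return False, "record %d at offset %d has caplen %d" % (count, at, caplen), count
        if at + 16 + caplen > size:
            return False, "record %d at offset %d runs past end of file" % (count, at), count
        f.seek(caplen, io.SEEK_CUR)  # skip the packet bytes without reading them
        count += 1
    return True, "pcap %d.%d snaplen=%d linktype=%d" % (major, minor, snaplen, linktype), count


def constructed_sample(bad_caplen=False):
    """Constructed input: little-endian header followed by two 4-byte records."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    good = struct.pack("<IIII", 1, 0, 4, 4) + b"\x00" * 4
    second_len = 0x7FFFFFFF if bad_caplen else 4  # corrupt length field on request
    second = struct.pack("<IIII", 2, 0, second_len, 4) + b"\x00" * 4
    return io.BytesIO(header + good + second)


if __name__ == "__main__":
    print(check_savefile(constructed_sample()))
    print(check_savefile(constructed_sample(bad_caplen=True)))
```

For a file on disk, pass `open(path, "rb")`; packet payloads are skipped with `seek`, so a capture of several hundred megabytes is not loaded into memory.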