Hi all, I have a problem about reading circular ringbuf pcap records.
There is a pcap file which stores last X seconds of packets. And with each X seconds of a period, a new pcap file is created. I can successfully read the initial pcap file for X seconds with "tail -n+o -F <filename> | tcpdump -r - -nn". But when the pcap file is rotated, the new pcap file causes to "bogus savefile header" from libpcap. I think that the new pcap file's header section is being tried to parse as packet data. How can I adapt the libpcap for my needs? I kindly want to take your opinions. Best regards, Tugrul, _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
