At 12:30 AM 9/19/2002 -0700, Guy Harris wrote: >On Thu, Sep 19, 2002 at 10:06:15AM +1000, Tao Peng wrote: > > Dear All: > > > > Does anyone know what is the reason to cause the following error: > > tcpdump: pcap_loop: bogus savefile header > >A bogus savefile header. :-) > >In particular, if a packet has a captured-data length greater than >the snapshot length recorded in the header of the capture file and >greater than 65535, that error will be reported.
thanks for that > > I download some files from the web, some works fine with tcpdump but > > for some file the above error message comes out following several valid > > IP packets. > >Perhaps either > > 1) the file you downloaded was somehow corrupt > >or > > 2) the process of downloading it mangled it (e.g., some tool > thinking it needs to convert CR/LF to LF). Could please explain a little bit more about this. There be something wrong with the download tool since some one can download the files correctly. I found there I.E. works differently with Netscape in respect to this. > > Another error happens as following if I run the following command > > /usr/sbin/tcpdump -F filter -n -r inside1fri.tcpdump.gz|perl justip.pl > > |sort -u > ipinside1fri.txt > > > > tcpdump: pcap_loop: truncated dump file > >Well, if "inside1fri.tcpdump.gz" is, as the name suggests, gzipped, that >won't work in standard versions of tcpdump linked with standard versions >of libpcap - they can't read gzipped files. You'd have to do > > gzcat inside1fri.tcpdump.gz | /usr/sbin/tcpdump -F filter -n -r - | > perl justip.pl | sort -u > ipinside1fri.txt This another thing which make me think there are something wrong with the browser. because the file giziped format, but the actually file is unzipped already. This why have to use "cat" instead of "gzcat". or the system says "this is not gzip format" Could u give me any suggestion of how to fixed the download problem. thanks a lot! the web data i will download from is http://www.ll.mit.edu/IST/ideval/data/1999/1999_data_index.html The darpa Instrusion detection dataset. Has anyone download this before? All the best - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
