What could cause tcpdump to output the error 'pcap_loop: bogus savefile
header'? I did a little searching, and came up with the fact that
tcpdump (or libpcap) might get confused when the data packet's size does
not match what tcpdump thinks it is. I have been running a tcpdump
audit log to supplement my IDS (snort), which has alerted on several IP
packets that seem to be using an unassigned IP protocol. When I attempt
to view them from my audit logs, I get the "bogus savefile" error. I am
running on a pretty stock RH 7.3 set. Will upgrading libpcap/tcpdump
fix the problem?
Thanks
-Mike
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
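
The following added example (not part of the original message, and not tcpdump or libpcap code) walks a classic pcap savefile record by record and reports the first record header that looks wrong, which helps tell a damaged capture from one that merely holds unusual packets. It assumes the classic pcap layout (24-byte file header, 16-byte record headers); the 65535-byte plausibility bound, the function names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC_LE = 0xA1B2C3D4   # classic pcap magic, file written little-endian
MAGIC_BE = 0xD4C3B2A1   # same magic, file written big-endian
MAX_CAPLEN = 65535      # assumed plausibility bound for one captured packet


def scan_pcap(data):
    """Walk a classic pcap file; return (good_records, bad_offset, reason)."""
    if len(data) < 24:
        return 0, 0, "truncated file header"
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (MAGIC_LE, MAGIC_BE):
        return 0, 0, "bad magic 0x%08x" % magic
    end = "<" if magic == MAGIC_LE else ">"
    off, good = 24, 0
    while off < len(data):
        if len(data) - off < 16:
            return good, off, "truncated record header"
        _sec, _usec, caplen, wirelen = struct.unpack(end + "IIII", data[off:off + 16])
        # A record header that is out of step with the real data shows up as
        # an absurd captured length, or one larger than the on-wire length.
        if caplen > MAX_CAPLEN or caplen > wirelen:
            return good, off, "implausible caplen=%d len=%d" % (caplen, wirelen)
        if len(data) - off - 16 < caplen:
            return good, off, "truncated packet data"
        off += 16 + caplen
        good += 1
    return good, None, None


def _record(payload, caplen=None):
    """Build one constructed record; caplen overrides the true length."""
    n = len(payload) if caplen is None else caplen
    return struct.pack("<IIII", 0, 0, n, n) + payload


# Constructed sample: file header (v2.4, snaplen 96, Ethernet), two sane
# records, then a record whose header claims 0x41414141 captured bytes.
SAMPLE = (struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, 96, 1)
          + _record(b"\x00" * 60) + _record(b"\x00" * 42)
          + _record(b"\x00" * 8, caplen=0x41414141))

if __name__ == "__main__":
    good, off, reason = scan_pcap(SAMPLE)
    print("good records:", good, "| first bad offset:", off, "|", reason)
```

The bytes before the reported offset still form a readable classic pcap file, so the records ahead of the damage can be examined separately.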