Hosting Provided By

Re: [Snort-users] "Saving State" in Snort

From: Michael L. Artz <dragon(at)october29.net>
Date: Thu Apr 17 2003 - 21:49:12 EDT

This seems to fail for me on the "breaks" between files with the error:

pcap_loop: truncated dump file

I assume that this has to do with the little header that tcpdump adds to the beginning of each file, i.e. I can mergecap them and run them through just fine. Is there something that I am missing beyond 'cat *.pcap | snort -r -'? Would a newer libpcap solve the problem?

Snort 1.9.1, fairly stock RH8.0.

-Mike

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Thu Apr 17 22:37:34 2003

Do you need help?

This message: [ Message body ]
Next message: Michael L. Artz: "[Snort-users] Benchmarking snort"
Previous message: Rick S.: "RE: [Snort-users] generating an alert"
In reply to Chris Green: "Re: [Snort-users] "Saving State" in Snort"
Next in thread: Chris Green: "Re: [Snort-users] "Saving State" in Snort"
Reply: Chris Green: "Re: [Snort-users] "Saving State" in Snort"
Reply: Chris Green: "Re: [Snort-users] "Saving State" in Snort"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:58 EDT