Snort mailing list archives
RE: Error trying to read in tcpdump file
From: "Jason Lewis" <jlewis () jasonlewis net>
Date: Tue, 12 Jun 2001 20:51:24 -0400
Ok.... Which BSD distribution?

I am working on documentation and How-To's for my install and RedHat is the corporate standard. I figured I would stay with it, so someone else can deal with it while I am on vacation. ;) It will also make it easy for those new to Snort. Anyone see any long-term problems?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

-----Original Message-----
From: roesch () mail sourcefire com [mailto:roesch () mail sourcefire com]On Behalf Of Martin Roesch
Sent: Tuesday, June 12, 2001 9:51 AM
To: jlewis () jasonlewis net
Cc: 'Snort Mailing List'
Subject: Re: [Snort-users] Error trying to read in tcpdump file

Sorry, Redhat has a really bad tendency to mess with stuff and not tell anyone about it, they've been "sorta" compatible for a long time and they're getting worse about it (struct timeval anyone? how about their own private pcap extensions?). Redhat is the reason that I stopped developing on linux and switched to BSD.

-Marty

Jason Lewis wrote:

HEY!!! No attacks on my distribution!! ;)

Yes they are both RedHat. Now that you mention it, one is 2.4 and the other is 2.2.

jas

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Martin Roesch
Sent: Monday, June 11, 2001 10:44 PM
To: 'Snort Mailing List'
Subject: Re: [Snort-users] Error trying to read in tcpdump file

Is one of them a linux box and the other not (or worse yet, one of them a redhat box)?

-Marty

Jason Lewis wrote:

DUH!!..... It looks like I am not using the same version of libpcap on both servers.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Jason Lewis
Sent: Monday, June 11, 2001 9:54 PM
To: 'Snort Mailing List'
Subject: [Snort-users] Error trying to read in tcpdump file

--== Initializing Snort ==--
TCPDUMP file reading mode.
Reading network traffic from "/home/jlewis/snort-0611 () 0231 log" file.
snaplen = 1514
ERROR: OpenPcap() FSM compilation failed: unknown data link type 0x71
PCAP command: (null)
Fatal Error, Quitting..

Here is the command I am using.

/usr/local/bin/snort -u snort -g snort -c /etc/snort/snort.conf -r /home/jlewis/snort-0611 () 0231 log

What am I missing? I am ftping this from a remote sensor to my db server and trying to replay the file to populate the db.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org
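Added example, not part of the original thread or of Snort/libpcap: a small C check that reads the link type straight out of a capture file's 24-byte pcap global header, so a sensor's file can be inspected before it is moved to a host with a different libpcap. The names `pcap_linktype`, `linktype_name` and `SAMPLE_HDR` are hypothetical and the sample header is constructed; 0x71 is decimal 113, which libpcap defines as the Linux cooked-capture link type.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: classic pcap global header, little-endian, version 2.4,
 * snaplen 1514, link type 0x71 (the value in the error message above). */
static const unsigned char SAMPLE_HDR[24] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0xea, 0x05, 0x00, 0x00, 0x71, 0x00, 0x00, 0x00
};

/* Read a 32-bit field in the byte order the capture was written in. */
static uint32_t rd32(const unsigned char *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Return the link type from a pcap global header, -1 if the buffer is
 * shorter than the header, -2 if the magic number is not the pcap magic. */
long long pcap_linktype(const unsigned char *buf, size_t len)
{
    static const unsigned char be_magic[4] = {0xa1, 0xb2, 0xc3, 0xd4};
    static const unsigned char le_magic[4] = {0xd4, 0xc3, 0xb2, 0xa1};
    if (len < 24) return -1;
    if (memcmp(buf, be_magic, 4) == 0) return rd32(buf + 20, 1);
    if (memcmp(buf, le_magic, 4) == 0) return rd32(buf + 20, 0);
    return -2;
}

/* Names for the few link types relevant here; this is not a full table. */
const char *linktype_name(long long lt)
{
    switch (lt) {
    case 0:   return "NULL (BSD loopback)";
    case 1:   return "EN10MB (Ethernet)";
    case 113: return "LINUX_SLL (Linux cooked capture)";
    default:  return "not in this table";
    }
}

int main(void)
{
    long long lt = pcap_linktype(SAMPLE_HDR, sizeof SAMPLE_HDR);
    printf("link type 0x%llx: %s\n", (unsigned long long)lt, linktype_name(lt));
    return 0;
}
```

To check a real capture, read its first 24 bytes into a buffer and pass that to `pcap_linktype`.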