Re: tcpdump for [!] WARNING: Not IPv4 datagram! ([ver: 0x5][len: 0xdc05])]

[John Sage <jsage () finchhaven com>]

Max:

On Mon, Jul 22, 2002 at 04:21:09PM -0500, max valdez wrote:
> Ok, I'm having a mayor problem here
>
> I can see others can read perfectly my tcpdump, but I cant, so what can
> be wrong ?, I changes from RH7.3 libpcap to 0.7.1, recompiled snort and
> still seeing the same error on "snort -v" or reading the dump file.
>
> Agree is not a router switch problem, but the what is it ?? I'm deeper
> than this morning, help pleas !!
> Max
> -- 

Are you capturing the packets in the first place via snort, or tcpdump?

If tcpdump, try capturing packets with snort -b and adjust your
snort.conf accordingly, if needed..

Compile snort afresh (which I think you have..) and let *it* capture
the packets.

Then read them back with snort -dv -r [filename]

I do that all the time (in fact I *only* -b binary log..) and I know
it works.


- John
-- 
"Cowardly refusing to create an empty archive."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users