tcpdump mailing list archives
Re: tcpdump + pf_ring capture: bogus savefile header
From: "M. V." <bored_to_death85 () yahoo com>
Date: Tue, 8 Mar 2011 22:15:36 -0800 (PST)
It's the modified version that comes with pf_ring. Actually, the problem is solved. Apparently pf_ring before revision 4498 has this problem (on some systems?), which is solved in 4498 or newer revisions (mine was 4494). I upgraded my pf_ring source from svn to the latest (4521) and the problem was solved (along with the other problem I had: incorrect report of packet-drop statistics by tcpdump, which seems to be solved in the newer version).

But sadly, my packet-drop rate and capturing performance didn't get better using pf_ring either.

Cheers!

On March 8, 2011, at 10:21 PM Guy Harris wrote:
Is that standard tcpdump, or Luca's modified tcpdump (which is part of the PF_RING stuff)? If it's the standard tcpdump, what happens if you pass it the argument "-s 8192" when you capture to a file?
On Mar 8, 2011, at 1:15 AM, M. V. wrote:
now, when i use tcpdump which is compiled with libpcap-pf_ring to capture traffic,
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.