[Oisf-users] Suricata "bogus savefile header" error message

Gerald Roy 15096873 at brookes.ac.uk
Thu Aug 17 08:37:54 UTC 2017

I'm running Suricata 4.0.0 on a Raspberry Pi.  I get the TCPDump PCAP files
from a Linksys WRT1900ACS router running DD-WRT and TCPDump 4.5.1.  The
capture logs are transferred from the router to the Pi over SSH with
tcpdump -nn -i any -F tcpdumpfilter -w - | ssh -T pi at "cat ->
and then on the Pi I run
sudo suricata -c /etc/suricata/suricata.yaml -r
I get the following error from Suricata "16/8/2017 -- 11:11:51 - <Error> -
[ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -1 bogus savefile
header".  What is going wrong?  Any help appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170817/67b318cb/attachment.html>

More information about the Oisf-users mailing list