[Oisf-users] Suricata "bogus savefile header" error message

Gerald Roy 15096873 at brookes.ac.uk
Thu Aug 17 08:37:54 UTC 2017


Hi,
I'm running Suricata 4.0.0 on a Raspberry Pi.  I get the TCPDump PCAP files
from a Linksys WRT1900ACS router running DD-WRT and TCPDump 4.5.1.  The
capture logs are transferred from the router to the Pi over SSH with
    tcpdump -nn -i any -F tcpdumpfilter -w - | ssh -T pi@192.168.0.9 "cat -> /home/pi/dogbert/br0-remote.pcap"
and then on the Pi I run
    sudo suricata -c /etc/suricata/suricata.yaml -r /home/pi/dogbert/br0-remote.pcap
I get the following error from Suricata "16/8/2017 -- 11:11:51 - <Error> -
[ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -1 bogus savefile
header".  What is going wrong?  Any help appreciated.
Thanks
Gezzaroy
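
Added example, not part of the original message: a structural check for a classic pcap savefile such as the br0-remote.pcap written above. It walks the 24-byte global header and each 16-byte record header and reports the first record whose captured length is implausible. The function names and the constructed sample bytes are assumptions of this example, and pcapng files are not handled.

```python
import io
import struct

# Classic pcap magic numbers as stored on disk, mapped to struct byte order.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def check_pcap(stream):
    """Walk a classic pcap savefile; return (ok, records_read, message)."""
    head = stream.read(24)
    if len(head) < 24:
        return (False, 0, "truncated global header (%d bytes)" % len(head))
    order = MAGICS.get(head[:4])
    if order is None:
        return (False, 0, "unrecognised magic %s" % head[:4].hex())
    _, _, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", head[4:])
    count = 0
    while True:
        rec = stream.read(16)
        if not rec:
            return (True, count, "clean end of file, linktype %d" % linktype)
        if len(rec) < 16:
            return (False, count, "truncated record header after record %d" % count)
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        # Captured length may not exceed the snaplen or the on-wire length.
        if incl_len > snaplen or incl_len > orig_len:
            return (False, count, "implausible captured length %d in record %d" % (incl_len, count + 1))
        if len(stream.read(incl_len)) < incl_len:
            return (False, count, "truncated packet data in record %d" % (count + 1))
        count += 1

def sample_pcap(corrupt=False):
    """Constructed sample: two 4-byte packets, optionally with stray bytes between."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 113)  # 113 = LINUX_SLL
    rec = struct.pack("<IIII", 1502959074, 0, 4, 4) + b"\x00\x01\x02\x03"
    return out + rec + (b"stray text\n" if corrupt else b"") + rec

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(check_pcap(f))
    else:
        print(check_pcap(io.BytesIO(sample_pcap())))
        print(check_pcap(io.BytesIO(sample_pcap(corrupt=True))))
```

Run with the capture path as the only argument to check a file on disk; with no argument it checks the two constructed samples.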