Re: ulogd-pcap file format not understood by ethereal
I found the solution myself:
> the file /var/log/ulog/pcap.log created by ulogd is not understood by
> ethereal and tcpdump any more. Even 'file /var/log/ulog/pcap.*' says:
> /var/log/ulog/pcap.log: data
when /var/log/ulog/pcap.log does not exist during ulogd startup it
will be created and initialised by a 24 byte header.
If it exists as empty file the 24 byte header is not initialised but
packets hitting the ULOG targets are just appended to the file.
My silly mistake was to manually truncate it to zero using touch.