Re: ulogd-pcap file format not understood by ethereal

To: debian-firewall@lists.debian.org
Subject: Re: ulogd-pcap file format not understood by ethereal
From: Achim Löbbert <aloebbert@gmx.de>
Date: Sun, 9 May 2004 11:12:24 +0200 (CEST)
Message-id: <[🔎] c7kslo$2pp$1@cesar.loebbert.de>
References: <1TjFY-7QJ-17@gated-at.bofh.it>

I found the solution myself:
> the file /var/log/ulog/pcap.log created by ulogd is not understood by
> ethereal and tcpdump any more. Even 'file /var/log/ulog/pcap.*' says:
> 
> /var/log/ulog/pcap.log:   data

when /var/log/ulog/pcap.log does not exist during ulogd startup it
will be created and initialised by a 24 byte header.

If it exists as empty file the 24 byte header is not initialised but
packets hitting the ULOG targets are just appended to the file.

My silly mistake was to manually truncate it to zero using touch.

Achim

Reply to:

Prev by Date: Re: where the people are using iptables
Next by Date: Re: where the people are using iptables
Previous by thread: ulogd-pcap file format not understood by ethereal
Next by thread: firewall setup - firewall newbie
Index(es):
- Date
- Thread