Hi, I'm logging dropped packets with ulogd2 into a pcap file so that tcpdump should be able to read it. At some point tcpdump is not anymore able to read the file and quits with "unknown file format". The file command instead is printing a correct header: /var/log/ulog/ulogd.pcap: tcpdump capture file (little-endian) - version 2.4 (raw IP, capture length 65536) Also I still can have the file open and see packets beeing logged but when I try to open a new tcpdump in another shell I get the error. When I delete the file and start a new one everything is to be working again. Is anyone else also facing this error? Ideas for starting debugging which is causing the error? Packet details: tcpdump: 4.6.2-5+deb8u1 ulogd2: 2.0.4-2+deb8u1 ulogd2-pcap: 2.0.4-2+deb8u1 iptables: 1.4.21-2+b1 Kernel: 3.16.0-4-amd64 Cheers Flo
Attachment:
signature.asc
Description: OpenPGP digital signature