From owner-freebsd-questions  Thu Nov 16 12:39:17 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from rush.telenordia.se (mail.telenordia.se [194.213.64.42])
	by hub.freebsd.org (Postfix) with SMTP id 6580037B479
	for <questions@FreeBSD.ORG>; Thu, 16 Nov 2000 12:39:14 -0800 (PST)
Received: (qmail 18241 invoked from network); 16 Nov 2000 21:39:07 +0100
Received: from bb-62-5-7-17.bb.tninet.se (HELO marbsd.tninet.se) (62.5.7.17)
  by mail.telenordia.se with SMTP; 16 Nov 2000 21:39:07 +0100
From: Mark Rowlands <mark.rowlands@minmail.net>
Reply-To: mark.rowlands@minmail.net
Date: Thu, 16 Nov 2000 21:32:49 +0000
X-Mailer: KMail [version 1.1.99]
Content-Type: text/plain;
  charset="us-ascii"
Cc: questions@FreeBSD.ORG
To: "Batra, Lalit M" <batralm@jmu.edu>
References: <20001116220021.B36386@albury.net.au> <EXECMAIL.1001116031908.A@artvandelay.jmu.edu> <EXECMAIL.1001116113547.A@hppav.jmu.edu>
In-Reply-To: <EXECMAIL.1001116113547.A@hppav.jmu.edu>
Subject: Re: tcpdump: bad file format
MIME-Version: 1.0
Message-Id: <00111621324900.38022@marbsd.tninet.se>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thursday 16 November 2000 16:35, Batra, Lalit M wrote:
> What you are saying has been tried but I get the same
> result.I ac read the file otherwise. This has some thing to
> do with pcap.h.NAy ideas
>
>
> On Thu, 16 Nov 2000 22:00:21 +1100 Nick Slager <nicks@albury.net.au>
>
> wrote:
> > Thus spake Batra, Lalit M (batralm@jmu.edu):
> > > I am doing some network experimenst(FREEBSD), Using
> > > Tcpdump.I cannot convert the tcpdump "output.dmp" into
> > > binary form so thatt i can use Tcptrace and then xplot to
> > > see the packets.
> > > Following are the steps which i am doing:-
> > > 1) tcpdump -i xl1 host 192.168.20.2 > output.dmp
> > > 2) tcpdump -r output.dmp
> > > ERROR: bad dump file format.????
> > > I have also tried -w option , same error.
> >
> > How exactly are you using -w? It should be like this:
> >
> >   tcpdump -i xl1 -w output.dmp host 192.168.20.2
> >
> > You can't just redirect the ascii output; you must use -w.
> >


if you do a cat of your output.dmp and you will see it is human readable 
format

try it again just as written :-

tcpdump -c 10  -i xl1 -w output.dump host 192.168.20.2

tcpdump -r output.dump -n

and if you still get bad format post the result  (10 packets)
..

from man tcpdump

 -r     Read packets from file (which was created with  the
        -w  option).   Standard  input  is  used if file is
        ``-''.

tcpdum -V

tcpdump version 3.5
libpcap version 0.5

Usage: tcpdump [-adeflnNOpqStvxX] [-c count] [ -F file ]
                [ -i interface ] [ -r file ] [ -s snaplen ]
                [ -T type ] [ -w file ] [ expression ]





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message