Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 16 Nov 2000 21:32:49 +0000
From:      Mark Rowlands <mark.rowlands@minmail.net>
To:        "Batra, Lalit M" <batralm@jmu.edu>
Cc:        questions@FreeBSD.ORG
Subject:   Re: tcpdump: bad file format
Message-ID:  <00111621324900.38022@marbsd.tninet.se>
In-Reply-To: <EXECMAIL.1001116113547.A@hppav.jmu.edu>
References:  <20001116220021.B36386@albury.net.au> <EXECMAIL.1001116031908.A@artvandelay.jmu.edu> <EXECMAIL.1001116113547.A@hppav.jmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thursday 16 November 2000 16:35, Batra, Lalit M wrote:
> What you are saying has been tried but I get the same
> result.I ac read the file otherwise. This has some thing to
> do with pcap.h.NAy ideas
>
>
> On Thu, 16 Nov 2000 22:00:21 +1100 Nick Slager <nicks@albury.net.au>
>
> wrote:
> > Thus spake Batra, Lalit M (batralm@jmu.edu):
> > > I am doing some network experimenst(FREEBSD), Using
> > > Tcpdump.I cannot convert the tcpdump "output.dmp" into
> > > binary form so thatt i can use Tcptrace and then xplot to
> > > see the packets.
> > > Following are the steps which i am doing:-
> > > 1) tcpdump -i xl1 host 192.168.20.2 > output.dmp
> > > 2) tcpdump -r output.dmp
> > > ERROR: bad dump file format.????
> > > I have also tried -w option , same error.
> >
> > How exactly are you using -w? It should be like this:
> >
> >   tcpdump -i xl1 -w output.dmp host 192.168.20.2
> >
> > You can't just redirect the ascii output; you must use -w.
> >


if you do a cat of your output.dmp and you will see it is human readable 
format

try it again just as written :-

tcpdump -c 10  -i xl1 -w output.dump host 192.168.20.2

tcpdump -r output.dump -n

and if you still get bad format post the result  (10 packets)
..

from man tcpdump

 -r     Read packets from file (which was created with  the
        -w  option).   Standard  input  is  used if file is
        ``-''.

tcpdum -V

tcpdump version 3.5
libpcap version 0.5

Usage: tcpdump [-adeflnNOpqStvxX] [-c count] [ -F file ]
                [ -i interface ] [ -r file ] [ -s snaplen ]
                [ -T type ] [ -w file ] [ expression ]





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00111621324900.38022>