ids capture logs

ouellette-a · ‎08-18-2005

When opening a downloaded ip logging capture file with ethereal I always get errors similar to:

The capture file appears to be damaged or corrupt.

(pcap: File has 1308622848-byte packet, bigger than maximum of 65535)

does anyone else have this problem, verion info below

thanks,allen

ids 5.0.1

Compiled with GTK+ 2.4.14, with GLib 2.4.7, with WinPcap (version unknown),

with libz 1.2.2, with libpcre 4.4, with Running with WinPcap (3.0) on Windows 2000 Service Pack 4, build 2195.

s-doyle · ‎08-24-2005

Threat Response works with Cisco Intrusion Detection System (IDS) sensors to provide an efficient intrusion protection solution. Threat Response virtually eliminates false alarms, escalates real attacks, and aids in the remediation of costly intrusions.

http://www.cisco.com/en/US/products/sw/secursw/ps5054/products_user_guide_chapter09186a00801753ac.html#1028120

cgiulini · ‎10-07-2005

I am seeing similar problems. Slightly newer version of Ethereal and WinPcap. Does anyone have any suggestions/solutions for this?

Thanks,

Chad

Ethereal version info is below:

Compiled with GTK+ 2.4.14, with GLib 2.4.7, with WinPcap (version unknown),

with libz 1.2.3, with libpcre 4.4, with Net-SNMP 5.2.1.2, with ADNS.

Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x] on Windows XP Service Pack 2, build 2600.

marcabal · ‎10-10-2005

How are you downloading the IP Log?

I have heard reports that when downloaded through IDM when running inside Microsoft Internet Explorer that the IP Log files can be corrupted.

When running IDM in other browsers there wasn't a problem, so if I remember right they think it is a MSIE bug.

Instead of using IDM try using the "copy" command in the sensor to copy the IP Log to an ftp or scp server.

cgiulini · ‎10-11-2005

Currently using Firefox 1.0.6. I will upgrade to 1.0.7 to see if this addresses the issue. I will also try an scp copy to see if that resolves the issue.

Thanks for the response!