ids capture logs

ouellette-a
Level 1

When opening a downloaded ip logging capture file with ethereal I always get errors similar to:

The capture file appears to be damaged or corrupt.

(pcap: File has 1308622848-byte packet, bigger than maximum of 65535)

Does anyone else have this problem? Version info below.

Thanks, Allen

ids 5.0.1

ethereal Version 0.10.11 (C) 1998-2005

Compiled with GTK+ 2.4.14, with GLib 2.4.7, with WinPcap (version unknown),

with libz 1.2.2, with libpcre 4.4, with Running with WinPcap (3.0) on Windows 2000 Service Pack 4, build 2195.

4 Replies

s-doyle
Level 3

Threat Response works with Cisco Intrusion Detection System (IDS) sensors to provide an efficient intrusion protection solution. Threat Response virtually eliminates false alarms, escalates real attacks, and aids in the remediation of costly intrusions.

http://www.cisco.com/en/US/products/sw/secursw/ps5054/products_user_guide_chapter09186a00801753ac.html#1028120

cgiulini
Level 1

I am seeing similar problems. Slightly newer version of Ethereal and WinPcap. Does anyone have any suggestions/solutions for this?

Thanks,

Chad

Ethereal version info is below:

Version 0.10.12 (C) 1998-2005 Gerald Combs <gerald@ethereal.com>

Compiled with GTK+ 2.4.14, with GLib 2.4.7, with WinPcap (version unknown),

with libz 1.2.3, with libpcre 4.4, with Net-SNMP 5.2.1.2, with ADNS.

Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x] on Windows XP Service Pack 2, build 2600.

How are you downloading the IP Log?

I have heard reports that when downloaded through IDM when running inside Microsoft Internet Explorer that the IP Log files can be corrupted.

When running IDM in other browsers there wasn't a problem, so if I remember right they think it is a MSIE bug.

Instead of using IDM try using the "copy" command in the sensor to copy the IP Log to an ftp or scp server.

Currently using Firefox 1.0.6. I will upgrade to 1.0.7 to see if this addresses the issue. I will also try an scp copy to see if that resolves the issue.

Thanks for the response!
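
Added example, not part of any post in this thread and not Cisco or Ethereal code: a Python walk of the classic libpcap record headers that reports the first record whose stored length exceeds 65535, the condition behind the error quoted in the original post. The sample capture and its damage are constructed, and the names `check_pcap`, `GOOD` and `DAMAGED` are assumptions of this example.

```python
import struct

MAX_PACKET = 65535  # the maximum quoted in Ethereal's error message
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, by byte order


def check_pcap(data):
    """Walk a classic libpcap file. Return (intact_records, problem or None)."""
    if len(data) < 24:
        return 0, "shorter than the 24-byte global header"
    endian = MAGIC.get(data[:4])
    if endian is None:
        return 0, "unknown magic number " + data[:4].hex()
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            return count, "truncated record header at offset %d" % offset
        # record header: ts_sec, ts_usec, incl_len (bytes stored), orig_len
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        if incl_len > MAX_PACKET:
            return count, "record %d at offset %d claims %d bytes (0x%08X)" % (
                count + 1, offset, incl_len, incl_len)
        if offset + 16 + incl_len > len(data):
            return count, "record %d at offset %d runs past end of file" % (
                count + 1, offset)
        offset += 16 + incl_len
        count += 1
    return count, None


def _record(ts_sec, payload):
    # Build one little-endian record: 16-byte header followed by the payload.
    return struct.pack("<IIII", ts_sec, 0, len(payload), len(payload)) + payload


# Constructed sample: two 78-byte packets, Ethernet link type, snaplen 65535.
GOOD = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) \
    + _record(1, b"\xaa" * 78) + _record(2, b"\xbb" * 78)
# Constructed damage: one payload byte of the first packet is missing, so
# the second record header is read one byte late.
DAMAGED = GOOD[:50] + GOOD[51:]

if __name__ == "__main__":
    print(check_pcap(GOOD))
    print(check_pcap(DAMAGED))
```

Running `check_pcap(open(path, "rb").read())` on copies of the same IP log fetched by different methods shows whether a given transfer altered the file and at which offset the record chain first breaks.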
