Hi thanks

I run on server this

Tcpdump -i bge0 -w file.pcap

 For 3 min
When I run
Nfdump -r file.pcap

I see this error

Openfile 'file.pcap' : bad magic: 0xC3D4

Best regards
Faridi

MyWebSite http://mfaridi.com

On Thu, 29 Oct 2020, 19:23 Brian Candler, <b.cand...@pobox.com> wrote:

> On 29/10/2020 11:35, Mostaf Faridi wrote:
> > I use nfdump-1.6.16_1
> > They installed this version of nfdump on many servers. Only on one
> > server, I see core dump.
> > Nfdump installed on FreeBSD box and traffic comes from centos OS.
> > Where I must run nfdump . on FreeBSD box or Centos box?
>
> You run nfcapd on whatever server the Netflow packets arrive at. It
> writes files containing the netflow data, normally one file every 5
> minutes.
>
> You run nfdump on whatever server is reading the files written by
> nfcapd.  It might be the same server, or a different one - e.g. if the
> files are shared over NFS.
>
> > I want know which packages can make cordump. For example which package
> > like tcp or udp packages make core dump?
>
> The operating system writes a core dump when a program crashes, e.g.
> because it executes an illegal instruction or tries to access
> out-of-bounds memory.
>
> > If I run tcpdump how I understand which packet make core dump?
> >
> tcpdump is mainly useful for capturing packets, so you can feed them
> back into nfcapd or nfdump, and reproduce the problem on demand.
>
> However with or without tcpdump, you still need to:
>
> - compile nfdump 1.6.20 from source
> - run it until it crashes
> - use gdb to read the coredump
> - perform a backtrace and inspect variables to work out what caused the
> crash
>
> OR
>
> - compile nfdump 1.6.20 from source
> - run it *under gdb* until it crashes
> - perform a backtrace and inspect variables to work out what caused the
> crash
>
> However, this is not the list to explain how to debug C code.  I suggest
> you find a local system administrator and/or C programmer who can help you.
>
>
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to