On 31/10/2020 08:43, Mostaf Faridi wrote:
I run on server this
Tcpdump -i bge0 -w file.pcap
For 3 min
When I run
Nfdump -r file.pcap
I see this error
Openfile 'file.pcap' : bad magic: 0xC3D4
Sorry my mistake: pcap files are read by nfcapd, not nfdump. So you'd
need to do:
nfcapd -f file.pcap ....
nfdump reads nfdump-format data files, which are *written* by nfcapd.
Now, you're saying it's not nfcapd that crashes, but nfdump. This could
mean one of two things:
1. The problematic netflow data is causing nfcapd to write out an
invalid nfdump-format file (which in turn causes nfdump to crash); or
2. nfcapd is writing out a valid nfdump-format file, but nfdump crashes
on that specific flow
I'm afraid you'll need to do some C debugging to find out which of these
cases it is.
Regards,
Brian.
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss