On Feb 14, 2007, at 4:55 PM, Donald Musser wrote:
When I performed the original tcpdump on my production server, I did
use the -w option. I then used Konqueror to transfer the file to my
local CentOS machine. So perhaps the file was mangled somehow, as
you said?
How did you transfer it with Konqueror? Drag-and-drop? If so, then
Konqueror *shouldn't* have mangled the file when transferring it
(either it was done with an ordinary file copy, or kioslave I/O, and
if either of those mangle the file, Something's Broken).
I did note upon re-examining the file that it was empty. Perhaps
this also is lending to the problem?
An empty file isn't a valid libpcap file; the minimum size is 24 bytes
(that's the size of the libpcap per-file header).
Is the file empty on your production server?