On Aug 25, 2012, at 8:56 PM, hadi motamedi wrote:
> Please be informed that the outputs are as the followings :
...
> # od -bc /tmp/mss0-pps.pcap | head
> 0000000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0
> *
That is not even remotely close to being a pcap file. I have *no* idea what programs other than tcpdump wrote to that file, but either
1) you have a very buggy version of tcpdump on your machine;
2) tcpdump is using a very buggy version of libpcap on your machine;
3) some *other* program wrote to that file and damaged it beyond repair.
In any case, there is almost certainly nothing you can do to get packet data from that capture. I would suggest that you delete the file, try another capture, and if the same problem occurs, file a bug with the CentOS developers.