Workaround for truncated dump file – NTOP Suspicious Packets File

I was encountering an error when trying to run tcpdump using the suspicious packets or other packets PCAP files generated by ntop as input. Tcpdump would display an error message stating the provided file was a “Truncated dump file” and die. The end. No beans.

The Workaround: Don’t run NTOP in daemon mode.
Don’t use the `-d` or `--daemon` command line argument. This also means that any of the common ways of starting ntop as a service, such as `/etc/init.d/ntop start` or `service ntop start`, also result in failure.

The real answer: Stay current: As of this writing ntop has been replaced by its successor ntopng, which is freely available and available freely: ntopng v.1.0 [stable] is available for download as pre-compiled packages or build-your-own from source of course. ^_^

Other than that I hadn’t resolved a real answer – however the NTOP Man Page warns about daemon mode under the `--output-packet-path` command line option. *shrug*
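
tcpdump's “Truncated dump file” message is what libpcap reports when a capture file ends partway through a packet record. As an added example (not from the original post or from ntop), this Python script walks a classic pcap file, reports where it is cut off, and keeps only the complete records; the function names and the sample capture are constructed for illustration.

```python
import struct

GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_usec, incl_len, orig_len
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # microsecond / nanosecond timestamps


def scan_pcap(data: bytes):
    """Return (complete_records, good_length, problem); problem is None if intact."""
    if len(data) < GLOBAL_HDR_LEN:
        return 0, 0, "file shorter than the 24-byte global header"
    for endian in ("<", ">"):  # the magic number tells us the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        return 0, 0, "not a classic pcap file (bad magic)"
    offset, count = GLOBAL_HDR_LEN, 0
    while offset < len(data):
        if len(data) - offset < RECORD_HDR_LEN:
            return count, offset, f"record header cut short at byte {offset}"
        incl_len = struct.unpack_from(endian + "I", data, offset + 8)[0]
        have = len(data) - offset - RECORD_HDR_LEN
        if incl_len > have:  # the condition libpcap reports as a truncated dump
            msg = f"record {count + 1} wants {incl_len} captured bytes, only {have} present"
            return count, offset, msg
        offset += RECORD_HDR_LEN + incl_len
        count += 1
    return count, offset, None


def salvage(data: bytes) -> bytes:
    """Keep the global header and every complete record; drop the partial tail."""
    _, good_length, _ = scan_pcap(data)
    return data[:good_length]


def sample_capture() -> bytes:
    # Constructed sample: little-endian header followed by two 4-byte packets.
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    def rec(payload):
        return struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return hdr + rec(b"\x01\x02\x03\x04") + rec(b"\x05\x06\x07\x08")


if __name__ == "__main__":
    cut = sample_capture()[:-3]      # simulate a file that stops mid-packet
    print(scan_pcap(cut))
    print(scan_pcap(salvage(cut)))
```

Run against a real file by passing its bytes to `scan_pcap`; writing the result of `salvage` to a new file gives tcpdump a capture it can read to the end.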

My Environment:

  • NTOP v.4.1.0 (32 bit)
  • Ubuntu [precise] 12.04.3 LTS
    • Linux hq 3.2.0-53-generic-pae #81-Ubuntu SMP
    • Thu Aug 22 21:23:47 UTC 2013
    • i686 i686 i386 GNU/Linux
  • tcpdump version 4.2.1
  • libpcap version 1.1.1

 
