Localhost
tcpdump --version
tcpdump version 4.9.3
libpcap version 1.9.1 (with TPACKET_V3)
OpenSSL 1.1.1f 31 Mar 2020
ldd /usr/sbin/tcpdump
linux-vdso.so.1 (0x00007ffd30db7000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f0ef7a55000)
libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f0ef7a0a000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0ef7818000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0ef7812000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f0ef77ef000)
/lib64/ld-linux-x86-64.so.2 (0x00007f0ef7fa9000)
md5sum test_signature.acp
e1b0ebd79f0f4120f9f60f0371eacb6c test_signature.acp
Docker container
[root@2c39d228331d suri] tcpdump --version
tcpdump version 4.9.2
libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
OpenSSL 1.1.1c FIPS 28 May 2019
[root@2c39d228331d suri] ldd /usr/sbin/tcpdump
linux-vdso.so.1 (0x00007ffef95be000)
libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f9195d41000)
libpcap.so.1 => /lib64/libpcap.so.1 (0x00007f9195afb000)
libc.so.6 => /lib64/libc.so.6 (0x00007f9195739000)
libz.so.1 => /lib64/libz.so.1 (0x00007f9195522000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f919531e000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f91950fe000)
/lib64/ld-linux-x86-64.so.2 (0x00007f919669d000)
I tried editing the pcap header to be version 2.4 (seems standard) but then tcpdump throws some other error. Not really sure what’s going on if you have the same md5 on your file.
[root@2c39d228331d suri]# file test_signature.pcap
test_signature.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
[root@2c39d228331d suri]# tcpdump -n -r test_signature.pcap
reading from file test_signature.pcap, link-type EN10MB (Ethernet)
00:00:00.000000 IP 1.1.1.1.37175 > 2.2.2.2.5180: Flags [.], seq 1644606715:1644608063, ack 1314311174, win 221, options [nop,nop,TS val 803496242 ecr 2933921374], length 1348
tcpdump: pcap_loop: truncated dump file; tried to read 16 header bytes, only got 1