Cisco Bug: CSCvt56331 - PCAP files Downloaded from Splunk are Corrupt on Cisco eStreamer eNcore Add-on for Splunk v.3.5.7
Apr 03, 2020
- Cisco Firepower Management Center
Known Affected Releases
Symptom: Intrusion events cannot be downloaded as a usable PCAP file from the eNcore eStreamer client installed on Splunk. The download itself completes, but when the file is opened (in this case in Wireshark), Wireshark displays the error "The capture file appears to be damaged or corrupt." The error resembles what happens when a file is transferred by FTP in ASCII mode instead of BINARY mode.

Conditions: This error appears on Cisco eStreamer eNcore Add-on for Splunk v.3.5.7. Only intrusion events have the option to be downloaded as PCAP files on the eNcore side.
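A downloaded capture can be checked for this kind of damage without opening Wireshark. The following is an added example, not Cisco's or the add-on's code: it walks the classic pcap record structure and reports the first offset where the file stops making sense. The two-packet sample and the LF-to-CRLF rewrite used to imitate a text-mode copy are constructed for illustration.

```python
import struct

# Byte order implied by the four magic bytes of a classic pcap file
# (microsecond and nanosecond timestamp variants).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}

def check_pcap(data):
    """Walk a classic pcap byte string; return (records_ok, error_or_None)."""
    if len(data) < 24:
        return 0, "shorter than the 24-byte global header"
    order = MAGICS.get(data[:4])
    if order is None:
        return 0, "unknown magic %s" % data[:4].hex()
    snaplen = struct.unpack_from(order + "I", data, 16)[0]
    offset, count = 24, 0
    while offset < len(data):
        if len(data) - offset < 16:
            return count, "truncated record header at offset %d" % offset
        _, _, incl_len, orig_len = struct.unpack_from(order + "IIII", data, offset)
        # Captured length can never exceed the on-wire length or the snaplen.
        if incl_len > orig_len or (snaplen and incl_len > snaplen):
            return count, "implausible lengths at offset %d" % offset
        if offset + 16 + incl_len > len(data):
            return count, "record at offset %d runs past end of file" % offset
        offset += 16 + incl_len
        count += 1
    return count, None

def build_sample():
    """Constructed two-packet capture; payloads are filler, not real traffic."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, payload in ((1, b"\x00\x0a" * 8), (2, b"line one\nline two\n")):
        out += struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload
    return out

SAMPLE = build_sample()
# Imitate a text-mode transfer that rewrites every LF byte as CRLF.
DAMAGED = SAMPLE.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    print("binary copy:   ", check_pcap(SAMPLE))
    print("text-mode copy:", check_pcap(DAMAGED))
```

The inserted bytes shift every later record header, so the walk fails at the first record that follows a payload containing a line-feed byte.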