Cisco Bug: CSCvt56331 - PCAP files Downloaded from Splunk are Corrupt on Cisco eStreamer eNcore Add-on for Splunk v.3.5.7

Last Modified

Apr 03, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

3.5.4

Description (partial)

Symptom:
Unable to download intrusion events as a PCAP file from the eNcore eStreamer client installed on Splunk.

When you try to download some events as a PCAP file, the file downloads, but when you try to open it (in this case, in Wireshark), an error message is displayed.

When the PCAP file is opened in Wireshark, the error is: "The capture file appears to be damaged or corrupt." This error looks as if the files were transferred by FTP in ASCII mode instead of BINARY mode.

Conditions:
This error appears on Cisco eStreamer eNcore Add-on for Splunk v.3.5.7.

Only Intrusion Events have the option to download as PCAP files on the eNcore side.
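
The ASCII-mode symptom described above can be checked without Wireshark by walking the record headers of a downloaded file. The following Python check is an added example, not Cisco's or the add-on's code; `check_pcap`, `build_sample` and `ascii_mode_damage` are hypothetical names, the sample capture is constructed, and the 262144-byte record bound is an assumed sanity limit.

```python
import struct

PCAP_MAGICS = {  # classic libpcap magic bytes -> struct byte-order prefix
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}
MAX_RECORD = 262144  # assumed sanity bound for one captured packet

def check_pcap(data):
    """Return (ok, packets_read, message) for a classic libpcap byte string."""
    if len(data) < 24:
        return False, 0, "shorter than the 24-byte global header"
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        return False, 0, "bad magic number %r" % data[:4]
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    limit = max(snaplen, MAX_RECORD)
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            return False, count, "truncated record header at offset %d" % offset
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        if incl_len > limit:
            return False, count, "record at offset %d claims %d bytes" % (offset, incl_len)
        if offset + 16 + incl_len > len(data):
            return False, count, "record at offset %d runs past end of file" % offset
        offset += 16 + incl_len
        count += 1
    return True, count, "ok"

def build_sample():
    """Constructed two-packet capture whose payloads contain 0x0A bytes."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payloads = [b"GET /\n\n" + b"A" * 20, b"second packet\n"]
    body = b""
    for i, p in enumerate(payloads):
        body += struct.pack("<IIII", 1585872000 + i, 0, len(p), len(p)) + p
    return header + body

def ascii_mode_damage(data):
    """Simulate a text-mode transfer: every LF byte becomes CRLF."""
    return data.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    sample = build_sample()
    print(check_pcap(sample))
    print(check_pcap(ascii_mode_damage(sample)))
```

Each inserted CR shifts every later record header, so the first record after a payload containing 0x0A reports an implausible length; comparing the file's byte count on the source and after download shows the same drift.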