pf & tcpdump on 3.0
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: pf & tcpdump on 3.0
- From: Arjan Vos <arhab_(_at_)_chello_(_dot_)_nl>
- Date: Sat, 29 Dec 2001 13:26:14 +0100
- Reply-to: arhab_(_at_)_chello_(_dot_)_nl
I run an OpenBSD 3.0 machine with pf. Runs nice and I can monitor logs
through tcpdump -netttvi pflog0 or check the binary log files through
tcpdump -netttvr /var/log/pflog.
However, I don't have X running so I copy the pflog file to another
machine in order to load it in Ethereal. That won't work. Ethereal
doesn't load the pflog file and says something like "unknown data link
I tried tcpdump -netttvr pflog on other machines (FreeBSD and Linux,
tcpdump versions 3.6.0 and 3.4.x) and
they can't read the file saying "unknown data link type 17" or do read
the file but the output is totally messed up.
After that I tried to run it through tcpshow and tcpflow
on the OpenBSD 3.0 box and also these tools can't handle the pflog file
with an "unknown data link type 17" error.
Does someone have a clue on why I can't read the pflog files, except
with OpenBSD 3.0's tcpdump version 3.4.0?
Thanks for any answer/clue
Wear glasses if you need them
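
An added example, not part of the original post: a reader can check which data link type a capture file declares by parsing the 24-byte pcap global header, whose last field is the link type number that the tools above report. The sample header (snaplen 96, link type 17) is constructed for illustration, and the name table deliberately lists only two well-known values.

```python
import struct
import sys

# Magic bytes that open a classic pcap savefile, mapped to the writer's byte order.
_MAGICS = {
    b"\xa1\xb2\xc3\xd4": ">",  # written on a big-endian host
    b"\xd4\xc3\xb2\xa1": "<",  # written on a little-endian host
}

# Only two universally agreed link types are named; others are reported by number.
_KNOWN = {0: "NULL/loopback", 1: "Ethernet"}

# Constructed sample: header as a little-endian host would write it, link type 17.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 17)


def read_pcap_header(data):
    """Parse the pcap global header and return its fields as a dict."""
    if len(data) < 24:
        raise ValueError("truncated: the pcap global header is 24 bytes")
    order = _MAGICS.get(data[:4])
    if order is None:
        raise ValueError("bad magic: not a classic pcap savefile")
    # version major/minor, timezone offset, timestamp accuracy, snaplen, link type
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24]
    )
    return {
        "byte_order": "big" if order == ">" else "little",
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
        "linktype_name": _KNOWN.get(linktype, "not in this table"),
    }


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise show the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            header = fh.read(24)
    else:
        header = SAMPLE
    for key, value in read_pcap_header(header).items():
        print(f"{key}: {value}")
```

A reader that has no decoder registered for the reported number will refuse the file regardless of what the packets contain.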