Re: tcpdump: packet printing is not supported for link type PFLOG

["Jason Pyeron" <jpyeron () pdinc us>]

> -----Original Message-----
> From: Guy Harris 
> Sent: Monday, October 27, 2014 1:47
>
> On Oct 26, 2014, at 7:55 PM, "Jason Pyeron" <jpyeron () pdinc us> wrote:
>
> > When I './tcpdump  -r -' I get a:
> > reading from file -, link-type PFLOG (OpenBSD pflog file)
> > tcpdump: packet printing is not supported for link type PFLOG: use -w
> >
> > I am using tcpdump 4ac7226 and libpcap 625575f.
> >
> > Did I miss a configure option?
>
> Are you building on an operating system that supports PFLOG 
> as a filter mechanism?

Not even close.

> If not, then the option you missed is the "use an operating 
> system that supports PFLOG as a filter mechanism, and that 
> provides the headers for PFLOG packets as a standard system 
> include file" option.

Was hoping to use tcpdump instead of wireshark for visulization.

> I think the only OSes that support those options are OpenBSD 
> and FreeBSD; if you're not building on those OSes, you can't 
> read PFLOG files, because the developers of PFLOG apparently 
> found it too difficult either to standardize the PFLOG header 
> or to add a version field to it, so that 
> LINKTYPE_PFLOG/DLT_PFLOG can be a standard format in pcap and 
> pcap-ng files writable by one operating system and readable 
> by a different operating system, rather than a file whose 
> format is OS and OS-version dependent and that therefor can 
> only be read by a program expecting a particular OS version's 
> flavor of PFLOG.

Nice job BSD people. Could there be a way to force support for a specific version? In my case FreeBSD 8.1-RELEASE-p13 / 
FreeBSD 8.3-RELEASE-p16.

> (And if you *are* building on those OSes, what you'll get is 
> a version of tcpdump that can read dumps from that particular 
> version of the OS, but won't necessarily be able to read 
> dumps from other versions of the same OS or other OSes.)

This may be off topic but how does wireshark deal with this issue?

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00. 

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers