[tcpdump-workers] tcpdump: packet printing is not supported for link type PFLOG

2014-10-26 Thread Jason Pyeron
When I './tcpdump  -r -' I get a:
reading from file -, link-type PFLOG (OpenBSD pflog file)
tcpdump: packet printing is not supported for link type PFLOG: use -w

I am using tcpdump 4ac7226 and libpcap 625575f.

Did I miss a configure option?

-Jason

--
Jason Pyeron                      PD Inc. http://www.pdinc.us
Principal Consultant              10 West 24th Street #100
+1 (443) 269-1555 x333            Baltimore, Maryland 21218
This message is copyright PD Inc, subject to license 20080407P00.

___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


Re: [tcpdump-workers] tcpdump: packet printing is not supported for link type PFLOG

2014-10-26 Thread Guy Harris

On Oct 26, 2014, at 7:55 PM, "Jason Pyeron" wrote:

> When I './tcpdump  -r -' I get a:
> reading from file -, link-type PFLOG (OpenBSD pflog file)
> tcpdump: packet printing is not supported for link type PFLOG: use -w
> 
> I am using tcpdump 4ac7226 and libpcap 625575f.
> 
> Did I miss a configure option?

Are you building on an operating system that supports PFLOG as a filter 
mechanism?

If not, then the option you missed is the "use an operating system that 
supports PFLOG as a filter mechanism, and that provides the headers for PFLOG 
packets as a standard system include file" option.

I think the only OSes that support those options are OpenBSD and FreeBSD; if 
you're not building on those OSes, you can't read PFLOG files, because the 
developers of PFLOG apparently found it too difficult either to standardize the 
PFLOG header or to add a version field to it, so that LINKTYPE_PFLOG/DLT_PFLOG 
can be a standard format in pcap and pcap-ng files writable by one operating 
system and readable by a different operating system, rather than a file whose 
format is OS and OS-version dependent and that therefore can only be read by a 
program expecting a particular OS version's flavor of PFLOG.

(And if you *are* building on those OSes, what you'll get is a version of 
tcpdump that can read dumps from that particular version of the OS, but won't 
necessarily be able to read dumps from other versions of the same OS or other 
OSes.)
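
A pre-check for the situation discussed in this thread, as an added example that is not part of the original messages or of tcpdump: it reads a classic pcap file header, reports whether the link type is PFLOG (117), and tallies the first byte of each record so captures from different PFLOG flavors can be told apart before choosing a tcpdump build. It assumes that byte 0 of each PFLOG record is the header's length field; `inspect_pcap` and `build_sample` are hypothetical names and the sample capture is constructed.

```python
import struct
from collections import Counter

LINKTYPE_PFLOG = 117  # LINKTYPE_PFLOG / DLT_PFLOG in the pcap file header
# Classic pcap magics (microsecond and nanosecond), mapped to struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def inspect_pcap(data: bytes) -> dict:
    """Report the link type and, for PFLOG, tally each record's header length."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcap-ng is not handled)")
    endian = MAGICS[data[:4]]
    network = struct.unpack(endian + "I", data[20:24])[0]
    linktype = network & 0xFFFF  # link type sits in the low 16 bits
    info = {"linktype": linktype, "is_pflog": linktype == LINKTYPE_PFLOG,
            "hdr_lengths": Counter()}
    offset = 24
    while info["is_pflog"] and offset + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        offset += 16
        if offset + caplen > len(data):
            break  # truncated final record
        if caplen:
            # Assumption: byte 0 of a PFLOG record is the pfloghdr length field.
            info["hdr_lengths"][data[offset]] += 1
        offset += caplen
    return info

def build_sample(linktype: int, first_bytes: list) -> bytes:
    """Constructed little-endian pcap: one 8-byte record per first byte given."""
    out = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, linktype)
    for b in first_bytes:
        payload = bytes([b]) + b"\x00" * 7
        out += struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    # Constructed header-length values, not taken from any real OS release.
    sample = build_sample(LINKTYPE_PFLOG, [0x3D, 0x3D, 0x64])
    report = inspect_pcap(sample)
    print(report["linktype"], dict(report["hdr_lengths"]))
    if len(report["hdr_lengths"]) > 1:
        print("mixed PFLOG header lengths: capture spans more than one flavor")
```
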
