[tcpdump-workers] tcpdump: packet printing is not supported for link type PFLOG
When I './tcpdump -r -' I get a:

reading from file -, link-type PFLOG (OpenBSD pflog file)
tcpdump: packet printing is not supported for link type PFLOG: use -w

I am using tcpdump 4ac7226 and libpcap 625575f.

Did I miss a configure option?

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] tcpdump: packet printing is not supported for link type PFLOG
> -Original Message-
> From: Guy Harris
> Sent: Monday, October 27, 2014 1:47
>
> On Oct 26, 2014, at 7:55 PM, "Jason Pyeron" wrote:
>
> > When I './tcpdump -r -' I get a:
> > reading from file -, link-type PFLOG (OpenBSD pflog file)
> > tcpdump: packet printing is not supported for link type PFLOG: use -w
> >
> > I am using tcpdump 4ac7226 and libpcap 625575f.
> >
> > Did I miss a configure option?
>
> Are you building on an operating system that supports PFLOG
> as a filter mechanism?

Not even close.

> If not, then the option you missed is the "use an operating
> system that supports PFLOG as a filter mechanism, and that
> provides the headers for PFLOG packets as a standard system
> include file" option.

Was hoping to use tcpdump instead of wireshark for visualization.

> I think the only OSes that support those options are OpenBSD
> and FreeBSD; if you're not building on those OSes, you can't
> read PFLOG files, because the developers of PFLOG apparently
> found it too difficult either to standardize the PFLOG header
> or to add a version field to it, so that
> LINKTYPE_PFLOG/DLT_PFLOG can be a standard format in pcap and
> pcap-ng files writable by one operating system and readable
> by a different operating system, rather than a file whose
> format is OS and OS-version dependent and that therefore can
> only be read by a program expecting a particular OS version's
> flavor of PFLOG.

Nice job BSD people. Could there be a way to force support for a specific version? In my case FreeBSD 8.1-RELEASE-p13 / FreeBSD 8.3-RELEASE-p16.

> (And if you *are* building on those OSes, what you'll get is
> a version of tcpdump that can read dumps from that particular
> version of the OS, but won't necessarily be able to read
> dumps from other versions of the same OS or other OSes.)

This may be off topic but how does wireshark deal with this issue?

-Jason
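The check discussed in the thread above, as an added example that is not part of the original messages or of tcpdump/libpcap: a small parser for the classic pcap file header that reports the capture's link type and, for PFLOG captures, the length byte at the start of the first packet's pflog header, which helps tell header flavors apart. The function name, dictionary keys and sample bytes are assumptions made for this illustration.

```python
import struct

LINKTYPE_PFLOG = 117  # LINKTYPE_PFLOG / DLT_PFLOG in the tcpdump.org link-type list

# pcap magic as seen when the first 4 bytes are read big-endian:
# value -> (struct byte-order prefix of the file, timestamp resolution)
MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}

def inspect_pcap(data: bytes) -> dict:
    """Report link type of a classic pcap file; for PFLOG, also the header length byte."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng or another format)")
    order, resolution = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:24])
    linktype = network & 0xFFFF  # low 16 bits; upper bits may carry FCS information
    info = {"byte_order": order, "resolution": resolution,
            "version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "is_pflog": linktype == LINKTYPE_PFLOG}
    # First record header occupies bytes 24..39 (ts_sec, ts_frac, incl_len, orig_len).
    if info["is_pflog"] and len(data) >= 41:
        incl_len = struct.unpack(order + "I", data[32:36])[0]
        if incl_len >= 1:
            # struct pfloghdr starts with a one-byte 'length' field.
            info["pflog_hdr_len"] = data[40]
    return info

# Constructed sample (not a real capture): little-endian pcap, link type 117,
# one 4-byte record whose first byte (61) stands in for the pflog length field.
SAMPLE_PFLOG = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_PFLOG)
    + struct.pack("<IIII", 0, 0, 4, 4)
    + bytes([61, 2, 0, 0])
)

if __name__ == "__main__":
    print(inspect_pcap(SAMPLE_PFLOG))
```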
[tcpdump-workers] [OT] can't find vendor for 98:0C:82:BD:87:73
It is an OUI enforce unicast MAC address, but I cannot find the vendor in any OUI lookup tool.

Anyone know where to lookup 98:0C:82?

-Jason
Re: [tcpdump-workers] [OT] can't find vendor for 98:0C:82:BD:87:73
> -Original Message-
> From: Jason Pyeron
> Sent: Sunday, April 05, 2015 8:01
>
> It is an OUI enforce unicast MAC address, but I cannot find
> the vendor in any OUI lookup tool.
>
> Anyone know where to lookup 98:0C:82?

Thanks to an off list reply.

http://standards.ieee.org/develop/regauth/oui/public.html

-Jason