> -----Original Message-----
> From: Guy Harris
> Sent: Monday, October 27, 2014 1:47
>
> On Oct 26, 2014, at 7:55 PM, "Jason Pyeron" <jpye...@pdinc.us> wrote:
>
> > When I './tcpdump -r -' I get a:
> > reading from file -, link-type PFLOG (OpenBSD pflog file)
> > tcpdump: packet printing is not supported for link type PFLOG: use -w
> >
> > I am using tcpdump 4ac7226 and libpcap 625575f.
> >
> > Did I miss a configure option?
>
> Are you building on an operating system that supports PFLOG
> as a filter mechanism?

Not even close.

>
> If not, then the option you missed is the "use an operating
> system that supports PFLOG as a filter mechanism, and that
> provides the headers for PFLOG packets as a standard system
> include file" option.

Was hoping to use tcpdump instead of wireshark for visualization.

>
> I think the only OSes that support those options are OpenBSD
> and FreeBSD; if you're not building on those OSes, you can't
> read PFLOG files, because the developers of PFLOG apparently
> found it too difficult either to standardize the PFLOG header
> or to add a version field to it, so that
> LINKTYPE_PFLOG/DLT_PFLOG can be a standard format in pcap and
> pcap-ng files writable by one operating system and readable
> by a different operating system, rather than a file whose
> format is OS and OS-version dependent and that therefore can
> only be read by a program expecting a particular OS version's
> flavor of PFLOG.

Nice job BSD people. Could there be a way to force support for a specific version? In my case FreeBSD 8.1-RELEASE-p13 / FreeBSD 8.3-RELEASE-p16.

>
> (And if you *are* building on those OSes, what you'll get is
> a version of tcpdump that can read dumps from that particular
> version of the OS, but won't necessarily be able to read
> dumps from other versions of the same OS or other OSes.)

This may be off topic but how does wireshark deal with this issue?

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
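
An added example, not part of the original thread and not tcpdump or libpcap code: a small triage script that reads a classic pcap file header, reports whether the link type is PFLOG, and shows the header length the first packet declares, since that byte is the only hint of which OS flavor wrote the capture. It assumes the FreeBSD/OpenBSD `struct pfloghdr` layout (length, af, action, reason, then a 16-byte interface name); the function names and the sample capture are constructed for illustration.

```python
import struct

LINKTYPE_PFLOG = 117  # LINKTYPE_PFLOG / DLT_PFLOG in the pcap link-type registry

# Classic pcap magic numbers (microsecond and nanosecond variants), both byte orders.
MAGICS = {
    b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<",
    b"\xa1\xb2\x3c\x4d": ">", b"\x4d\x3c\xb2\xa1": "<",
}

def inspect_capture(data):
    """Return link type and, for PFLOG, the fields at the start of the first header."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    end = MAGICS[data[:4]]
    # Link type lives in the low 16 bits of the last global-header field.
    linktype = struct.unpack(end + "I", data[20:24])[0] & 0xFFFF
    info = {"linktype": linktype, "is_pflog": linktype == LINKTYPE_PFLOG}
    if not info["is_pflog"] or len(data) < 40:
        return info
    # First record header: ts_sec, ts_usec, incl_len, orig_len (16 bytes).
    incl_len = struct.unpack(end + "I", data[32:36])[0]
    pkt = data[40:40 + incl_len]
    if len(pkt) >= 20:
        # Assumed pfloghdr prefix: length, af, action, reason, ifname[16].
        info["hdr_length"] = pkt[0]
        info["af"] = pkt[1]
        info["ifname"] = pkt[4:20].split(b"\0", 1)[0].decode("ascii", "replace")
    return info

def build_sample(linktype=LINKTYPE_PFLOG):
    """Constructed one-packet capture; header length 61 and 'em0' are sample values."""
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    pfhdr = bytes([61, 2, 0, 0]) + b"em0".ljust(16, b"\0") + bytes(44)
    rec = struct.pack("<IIII", 0, 0, len(pfhdr), len(pfhdr))
    return ghdr + rec + pfhdr

if __name__ == "__main__":
    print(inspect_capture(build_sample()))
```

Comparing `hdr_length` across captures from different hosts shows quickly whether they share a header flavor before any of them is handed to a dissector.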