Date: Sat, 28 Aug 2004 18:53:15 -0400
From: Christopher Nehren <apeiron@comcast.net>
To: "Erik U." <erik.u@dnainternet.net>
Cc: freebsd-current@freebsd.org
Subject: Re: Trying to see pf's logs using tcpdump
Message-ID: <20040828225314.GA12681@prophecy.dyndns.org>
In-Reply-To: <413102D4.60804@dnainternet.net>
References: <413102D4.60804@dnainternet.net>

On Sat, Aug 28, 2004 at 18:10:28 EDT, Erik U. scribbled these curious markings:
> I installed pf from the ports, configured and ran it.
> I just get this error when trying to watch pf's logs:
>
> [root@nat] ~ $ tcpdump -n -e -ttt -r /var/log/pflog

You're running the 5.2.1-RELEASE tcpdump which doesn't know anything about PF
log files. The PF port comes with its own version of tcpdump, aptly named
pftcpdump. If you read the documentation, you'd know this.

> Why can't they just put the logs in text not in some damn binary..

Probably because the data in question *is* binary. I suggest you read
byteorder(3) and better familiarise yourself with the way TCP/IP networks
function before asking such questions. Furthermore, the file format itself is
documented in pcap(3).

If any of this bewilders, confuses, or surprises you, it may not be wise for
you to use a 5.x release of FreeBSD.

--
I abhor a system designed for the "user", if that word is a coded pejorative
meaning "stupid and unsophisticated". -- Ken Thompson
- Unix is user friendly. However, it isn't idiot friendly.
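
An added example, not part of the original message or of the pf port: a minimal reader for the classic pcap savefile layout, showing how the byte order and link-layer type are recovered from the file header, which is the field a tcpdump build must recognise before it can decode the records. The function names and the sample bytes are constructed for illustration; link type 117 is the value the libpcap registry assigns to PFLOG, and the page does not say which value the 2004 port wrote.

```python
import struct

MAGIC = 0xA1B2C3D4  # written in the capturing host's byte order
# Link-layer types from the libpcap registry; 117 is the pf log header.
LINKTYPES = {1: "EN10MB", 117: "PFLOG"}


def read_global_header(data):
    """Return (byte_order, fields) for the 24-byte pcap file header."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for order in ("<", ">"):  # try little-endian, then big-endian
        if struct.unpack(order + "I", data[:4])[0] == MAGIC:
            break
    else:
        raise ValueError("bad magic: not a classic pcap savefile")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return order, {"version": (major, minor), "snaplen": snaplen,
                   "linktype": linktype,
                   "linktype_name": LINKTYPES.get(linktype, "unknown")}


def iter_records(data):
    """Yield (ts_sec, ts_usec, orig_len, payload) for each packet record."""
    order, _ = read_global_header(data)
    pos = 24
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % pos)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            order + "IIII", data[pos:pos + 16])
        pos += 16
        if pos + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % pos)
        yield ts_sec, ts_usec, orig_len, data[pos:pos + incl_len]
        pos += incl_len


def make_sample(order):
    """Constructed sample: a header with linktype 117 plus one 4-byte record."""
    header = struct.pack(order + "IHHiIII", MAGIC, 2, 4, 0, 0, 96, 117)
    record = struct.pack(order + "IIII", 1093733595, 0, 4, 60) + b"\x00" * 4
    return header + record


if __name__ == "__main__":
    for order in ("<", ">"):
        sample = make_sample(order)
        print(read_global_header(sample)[1], list(iter_records(sample)))
```

The same logical capture produces different bytes on little-endian and big-endian hosts, and the reader normalises both; a reader that does not know the header's link type can still walk the records but cannot interpret their payloads.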