From: Christopher Nehren <apeiron@comcast.net>
To: "Erik U."
Cc: freebsd-current@freebsd.org
Date: Sat, 28 Aug 2004 18:53:15 -0400
Subject: Re: Trying to see pf's logs using tcpdump
Message-ID: <20040828225314.GA12681@prophecy.dyndns.org>
In-Reply-To: <413102D4.60804@dnainternet.net>

On Sat, Aug 28, 2004 at 18:10:28 EDT, Erik U. scribbled these curious markings:
> I installed pf from the ports, configured and ran it.
> I just get this error when trying to watch pf's logs:
>
> [root@nat] ~ $ tcpdump -n -e -ttt -r /var/log/pflog

You're running the 5.2.1-RELEASE tcpdump which doesn't know anything about PF log files. The PF port comes with its own version of tcpdump, aptly named pftcpdump. If you read the documentation, you'd know this.

> Why can't they just put the logs in text not in some damn binary..

Probably because the data in question *is* binary. I suggest you read byteorder(3) and better familiarise yourself with the way TCP/IP networks function before asking such questions. Furthermore, the file format itself is documented in pcap(3).

If any of this bewilders, confuses, or surprises you, it may not be wise for you to use a 5.x release of FreeBSD.

--
I abhor a system designed for the "user", if that word is a coded pejorative meaning "stupid and unsophisticated". -- Ken Thompson
Unix is user friendly. However, it isn't idiot friendly.
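The pcap(3) layout and the byteorder(3) point the reply makes, as an added example that is not part of the original thread: a small Python reader for the pcap global header and per-record headers. It detects the writer's byte order from the magic number and reports whether the file's link type is pflog (libpcap's DLT_PFLOG, value 117) or plain Ethernet, which is exactly what a pflog-unaware tcpdump cannot do. The sample bytes are constructed here, not taken from a real /var/log/pflog.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # pcap(3) magic; the byte order it was written in reveals the writer's endianness
DLT_EN10MB = 1            # libpcap link type for Ethernet
DLT_PFLOG = 117           # libpcap link type for pf's pflog pseudo-interface

def parse_pcap_header(data):
    """Decode the 24-byte pcap global header, detecting byte order from the magic."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a pcap file (bad magic)")
    major, minor, thiszone, sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    return {"endian": endian, "version": (major, minor),
            "snaplen": snaplen, "linktype": linktype}

def count_records(data):
    """Walk the 16-byte record headers (ts_sec, ts_usec, incl_len, orig_len)."""
    hdr = parse_pcap_header(data)
    off, n = 24, 0
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(hdr["endian"] + "IIII", data[off:off + 16])
        off += 16 + incl_len
        n += 1
    if off != len(data):
        raise ValueError("truncated or trailing data after record %d" % n)
    return n

def describe(data):
    """The first decision any tcpdump must make: which link-type decoder to use."""
    hdr = parse_pcap_header(data)
    if hdr["linktype"] == DLT_PFLOG:
        return "pflog capture (link type %d): needs a pflog-aware tcpdump" % DLT_PFLOG
    if hdr["linktype"] == DLT_EN10MB:
        return "Ethernet capture (link type %d)" % DLT_EN10MB
    return "unknown link type %d" % hdr["linktype"]

# Constructed sample: little-endian global header (snaplen 116, pflog) plus one 4-byte record.
SAMPLE_LE = (struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 116, DLT_PFLOG)
             + struct.pack("<IIII", 1093733595, 0, 4, 4) + b"\x00\x01\x02\x03")
# The same file as a big-endian host would write it, to exercise the byteorder(3) point.
SAMPLE_BE = (struct.pack(">IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 116, DLT_PFLOG)
             + struct.pack(">IIII", 1093733595, 0, 4, 4) + b"\x00\x01\x02\x03")

if __name__ == "__main__":
    print(describe(SAMPLE_LE), "records:", count_records(SAMPLE_BE))
```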