On Sat, Aug 28, 2004 at 18:10:28 EDT, Erik U. scribbled these curious markings:
> I installed pf from the ports, configured and ran it.
> I just get this error when trying to watch pf's logs:
>
> [root_at_nat] ~ $ tcpdump -n -e -ttt -r /var/log/pflog

You're running the 5.2.1-RELEASE tcpdump which doesn't know anything about PF log files. The PF port comes with its own version of tcpdump, aptly named pftcpdump. If you read the documentation, you'd know this.

> Why can't they just put the logs in text not in some damn binary..

Probably because the data in question *is* binary. I suggest you read byteorder(3) and better familiarise yourself with the way TCP/IP networks function before asking such questions. Furthermore, the file format itself is documented in pcap(3).

If any of this bewilders, confuses, or surprises you, it may not be wise for you to use a 5.x release of FreeBSD.

--
I abhor a system designed for the "user", if that word is a coded pejorative meaning "stupid and unsophisticated". -- Ken Thompson
-
Unix is user friendly. However, it isn't idiot friendly.
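
Added example, not part of the original message or of the pf port: a minimal reader for the classic pcap savefile layout that the reply points to, showing how the magic number reveals the writer's byte order and how the header's link type identifies a pflog capture. The function names and sample bytes are constructed for illustration, and the link-type value 117 (DLT_PFLOG) is taken from libpcap, not from the message.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap savefile magic, stored in the writer's byte order
DLT_PFLOG = 117           # libpcap link-layer type for pflog (assumption: not on the page)

def read_header(data):
    """Parse the 24-byte global header; the magic reveals the byte order."""
    if len(data) < 24:
        raise ValueError("truncated pcap header")
    for endian in ("<", ">"):
        if struct.unpack_from(endian + "I", data)[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("bad magic: not a classic pcap savefile")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(
        endian + "HHiIII", data, 4)
    return {"endian": endian, "version": (major, minor),
            "snaplen": snaplen, "linktype": linktype}

def iter_records(data, endian):
    """Yield (ts_sec, ts_usec, orig_len, captured_bytes) for each record."""
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, caplen, origlen = struct.unpack_from(
            endian + "IIII", data, offset)
        offset += 16
        if offset + caplen > len(data):
            raise ValueError("record claims more bytes than the file holds")
        yield ts_sec, ts_usec, origlen, data[offset:offset + caplen]
        offset += caplen

def build_sample(endian):
    """Constructed sample: one 8-byte placeholder record, link type pflog."""
    header = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 96, DLT_PFLOG)
    record = struct.pack(endian + "IIII", 1093731028, 0, 8, 60) + b"\x00" * 8
    return header + record

if __name__ == "__main__":
    for endian in ("<", ">"):
        sample = build_sample(endian)
        hdr = read_header(sample)
        kind = "pflog" if hdr["linktype"] == DLT_PFLOG else "other"
        print(hdr, kind, list(iter_records(sample, hdr["endian"])))
```

The record payload is left opaque here; decoding it requires the pflog header layout of the specific pf version that wrote the file.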
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:09 UTC