Hello.
Before I start digging into the source, has anyone managed to get tcpprof (a cool little program that comes with the tcpstat package) to work on pflog files? It's working nicely on "normal" tcpdump files, but just gives crap output on pflogs. Examples:
Code:
$ sudo tcpprof -S a -r blah.dmp
Total Statistics:
Total 5987 2287005 100.0000 %
Link Statistics:
Ethernet (IP): 5987 2287005 100.0000 %
IP Statistics:
tcp 5939 2281216 99.7469 %
udp 40 4557 0.1993 %
esp 8 1232 0.0539 %
Port Statistics:
www (80) 5939 2281216 99.7469 %
44133 1333 522246 22.8354 %
47490 1075 418259 18.2885 %
<snip>
Code:
$ sudo tcpprof -S a -r /var/log/pflog
Total Statistics:
Total 188 30587 100.0000 %
Link Statistics:
UNKNWON (non-IP): 188 30587 100.0000 %
IP Statistics:
Port Statistics:
Host Statistics:
Network Statistics: