Thread: tcpprof on pflogs
View Single Post
  #1   (View Single Post)  
Old 5th May 2011
denta denta is offline
Shell Scout
  
Join Date: Nov 2009
Location: Sweden
Posts: 95
Default tcpprof on pflogs
Hello.
Before I start digging into the source, has anyone managed to get tcpprof (a cool little program that comes with the tcpstat package) to work on pflog files? Its working nicely on "normal" tcpdump-files, but just gives crap output on pflogs. Examples:

Code:
$ sudo tcpprof -S a -r blah.dmp                                               
Total Statistics:
        Total                    5987      2287005   100.0000 %
Link Statistics:
        Ethernet (IP):           5987      2287005   100.0000 %
IP Statistics:
        tcp                      5939      2281216   99.7469 %
        udp                      40        4557      0.1993 %
        esp                      8         1232      0.0539 %
Port Statistics:
        www (80)                 5939      2281216   99.7469 %
        44133                    1333      522246    22.8354 %
        47490                    1075      418259    18.2885 %
<snip>
Code:
$ sudo tcpprof -S a -r /var/log/pflog                                          
Total Statistics:
        Total                    188       30587     100.0000 %
Link Statistics:
        UNKNWON (non-IP):        188       30587     100.0000 %
IP Statistics:
Port Statistics:
Host Statistics:
Network Statistics:
Reply With Quote