[ARGUS] ArgusOpenInputPacketFile(all.pcap) unsupported device type 117
mike tancsa
mike at sentex.ca
Fri Mar 27 17:25:44 EDT 2020
Hi All,
I am trying to convert pflog formatted pcap files to argus, but it
does not seem to be recognized. Does anyone have any workarounds /
tips? I would like to put it in Argus format so I can then run all the
handy/dandy tools on the data set.
tcpdump (on FreeBSD) reads them just fine, of course.
% argus -r all.pcap -w all.arg
ArgusError: 27 Mar 20 17:21:55.560712
ArgusOpenInputPacketFile(all.pcap) unsupported device type 117
% tcpdump -nr all.pcap | head
reading from file all.pcap, link-type PFLOG (OpenBSD pflog file)
17:30:10.343359 IP 10.99.6.235.59056 > 166.230.63.40.80: Flags [S], seq 4168153933, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:30:13.359187 IP 10.99.6.235.59056 > 166.230.63.40.80: Flags [S], seq 4168153933, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:30:19.374874 IP 10.99.6.235.59056 > 166.230.63.40.80: Flags [S], seq 4168153933, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
% file all.pcap
all.pcap: pcapng capture file - version 1.0
% hexdump -C all.pcap | head -20
00000000  0a 0d 0d 0a 70 00 00 00  4d 3c 2b 1a 01 00 00 00  |....p...M<+.....|
00000010  ff ff ff ff ff ff ff ff  03 00 13 00 46 72 65 65  |............Free|
00000020  42 53 44 20 31 32 2e 31  2d 53 54 41 42 4c 45 00  |BSD 12.1-STABLE.|
00000030  04 00 34 00 4d 65 72 67  65 63 61 70 20 28 57 69  |..4.Mergecap (Wi|
00000040  72 65 73 68 61 72 6b 29  20 33 2e 32 2e 32 20 28  |reshark) 3.2.2 (|
00000050  47 69 74 20 63 6f 6d 6d  69 74 20 61 33 65 66 65  |Git commit a3efe|
00000060  63 65 33 64 36 34 30 29  00 00 00 00 70 00 00 00  |ce3d640)....p...|
00000070  01 00 00 00 14 00 00 00  75 00 00 00 74 00 00 00  |........u...t...|
00000080  14 00 00 00 06 00 00 00  94 00 00 00 00 00 00 00  |................|
00000090  b4 a1 05 00 bf d9 a9 92  74 00 00 00 74 00 00 00  |........t...t...|
000000a0  3d 02 01 00 76 6c 61 6e  32 00 00 00 00 00 00 00  |=...vlan2.......|
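
The 117 in the error is the link type stored in the capture's Interface Description Block (bytes 75 00 at offset 0x78 of the hexdump above), which the tcpdump.org registry assigns to LINKTYPE_PFLOG. As an added example that is not part of the original post, the Python below walks the pcapng blocks and reports each interface's link type; SAMPLE is re-typed from the first 0x84 bytes of the posted dump, and the function names are hypothetical.

```python
import struct

# Constructed sample: first 0x84 bytes of all.pcap, re-typed from the posted
# hexdump (Section Header Block followed by one Interface Description Block).
SAMPLE = bytes.fromhex(
    "0a0d0d0a700000004d3c2b1a01000000"
    "ffffffffffffffff0300130046726565"
    "4253442031322e312d535441424c4500"
    "040034004d6572676563617020285769"
    "7265736861726b2920332e322e322028"
    "47697420636f6d6d6974206133656665"
    "63653364363430290000000070000000"
    "01000000140000007500000074000000"
    "14000000"
)

LINKTYPES = {1: "ETHERNET", 117: "PFLOG"}  # small subset of the link-type registry

def pcapng_linktypes(data):
    """Return [(interface_index, linktype, snaplen)] for the first section in data."""
    if data[:4] != b"\x0a\x0d\x0d\x0a":
        raise ValueError("not a pcapng file (no Section Header Block)")
    # The byte-order magic 0x1A2B3C4D tells us how every other field is encoded.
    endian = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}.get(data[8:12])
    if endian is None:
        raise ValueError("bad byte-order magic")
    interfaces, off = [], 0
    while off + 12 <= len(data):
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            break  # truncated or malformed block: stop rather than misparse
        if btype == 1 and blen >= 20:  # Interface Description Block
            linktype, _reserved, snaplen = struct.unpack_from(endian + "HHI", data, off + 8)
            interfaces.append((len(interfaces), linktype, snaplen))
        off += blen
    return interfaces

def describe(data):
    """Human-readable summary, one line per interface."""
    return [f"interface {i}: linktype {lt} ({LINKTYPES.get(lt, 'unknown')}), snaplen {sl}"
            for i, lt, sl in pcapng_linktypes(data)]

if __name__ == "__main__":
    print("\n".join(describe(SAMPLE)))
```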