[ARGUS] ArgusOpenInputPacketFile(all.pcap) unsupported device type 117

Carter Bullard carter at qosient.com
Fri Mar 27 18:29:03 EDT 2020


Hey Mike,
What version of libpcap are you using with argus?
Carter
 

> On Mar 27, 2020, at 5:53 PM, John Gerth <gerth at graphics.stanford.edu> wrote:
> 
> I had to convert pcapng files once and used the "editcap" command in Wireshark 1.10 but that was a while back.
> 
> Here's a Wireshark guide which does mention pflog for editcap (but I have not tried it)
>   https://www.wireshark.org/docs/wsug_html/
> --
> John Gerth      gerth at graphics.stanford.edu  Gates 164   (650) 725-3273
> 
> On 3/27/20 2:25 PM, mike tancsa wrote:
>> Hi All,
>> 
>>     I am trying to convert pflog formatted pcap files to argus, but it
>> does not seem to be recognized.  Does anyone have any workarounds /
>> tips? I would like to put it in Argus format so I can then run all the
>> handy/dandy tools on the data set.
>> 
>> tcpdump (on freebsd) reads them just fine of course. 
>> 
>>  argus -r all.pcap -w all.arg 
>>     ArgusError: 27 Mar 20 17:21:55.560712
>> ArgusOpenInputPacketFile(all.pcap) unsupported device type 117
>> 
>> 
>> 
>> % tcpdump -nr all.pcap | head
>> reading from file all.pcap, link-type PFLOG (OpenBSD pflog file)
>> 17:30:10.343359 IP 10.99.6.235.59056 > 166.230.63.40.80: Flags [S], seq 4168153933, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
>> 17:30:13.359187 IP 10.99.6.235.59056 > 166.230.63.40.80: Flags [S], seq 4168153933, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
>> 17:30:19.374874 IP 10.99.6.235.59056 > 166.230.63.40.80: Flags [S], seq 4168153933, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
>> 
>>  file all.pcap
>> all.pcap: pcapng capture file - version 1.0
>> 
>>  hexdump -C all.pcap | head -20
>> 00000000  0a 0d 0d 0a 70 00 00 00  4d 3c 2b 1a 01 00 00 00  |....p...M<+.....|
>> 00000010  ff ff ff ff ff ff ff ff  03 00 13 00 46 72 65 65  |............Free|
>> 00000020  42 53 44 20 31 32 2e 31  2d 53 54 41 42 4c 45 00  |BSD 12.1-STABLE.|
>> 00000030  04 00 34 00 4d 65 72 67  65 63 61 70 20 28 57 69  |..4.Mergecap (Wi|
>> 00000040  72 65 73 68 61 72 6b 29  20 33 2e 32 2e 32 20 28  |reshark) 3.2.2 (|
>> 00000050  47 69 74 20 63 6f 6d 6d  69 74 20 61 33 65 66 65  |Git commit a3efe|
>> 00000060  63 65 33 64 36 34 30 29  00 00 00 00 70 00 00 00  |ce3d640)....p...|
>> 00000070  01 00 00 00 14 00 00 00  75 00 00 00 74 00 00 00  |........u...t...|
>> 00000080  14 00 00 00 06 00 00 00  94 00 00 00 00 00 00 00  |................|
>> 00000090  b4 a1 05 00 bf d9 a9 92  74 00 00 00 74 00 00 00  |........t...t...|
>> 000000a0  3d 02 01 00 76 6c 61 6e  32 00 00 00 00 00 00 00  |=...vlan2.......|
>> 
>> 
> _______________________________________________
> argus mailing list
> argus at qosient.com
> https://pairlist1.pair.net/mailman/listinfo/argus
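
As an added example (not part of the original thread and not Argus code): a small Python check that walks the pcapng blocks of a capture and returns each interface's link type, so a PFLOG (117) capture like the one in the quoted post can be identified before it is handed to argus. The sample bytes are constructed, and the names `pcapng_linktypes`, `make_block` and `SAMPLE` are assumptions made for this illustration.

```python
import struct

SHB, IDB = 0x0A0D0D0A, 0x00000001  # pcapng block types
LINKTYPE_PFLOG = 117               # the "device type 117" in the ArgusError

def pcapng_linktypes(data):
    """Return the link type of every Interface Description Block in data."""
    if len(data) < 12 or struct.unpack_from("<I", data, 0)[0] != SHB:
        raise ValueError("not a pcapng file (no Section Header Block)")
    linktypes, off, endian = [], 0, "<"
    while off + 12 <= len(data):
        btype = struct.unpack_from(endian + "I", data, off)[0]
        if btype == SHB:
            # The SHB type reads the same in both byte orders; the
            # byte-order magic that follows decides the section's endianness.
            magic = data[off + 8:off + 12]
            if magic == b"\x4d\x3c\x2b\x1a":
                endian = "<"
            elif magic == b"\x1a\x2b\x3c\x4d":
                endian = ">"
            else:
                raise ValueError("bad byte-order magic")
        blen = struct.unpack_from(endian + "I", data, off + 4)[0]
        if blen < 12 or blen % 4 or off + blen > len(data):
            break  # truncated or corrupt block: stop instead of misparsing
        if btype == IDB and blen >= 20:
            linktypes.append(struct.unpack_from(endian + "H", data, off + 8)[0])
        off += blen
    return linktypes

def make_block(btype, body):
    """Hypothetical helper: wrap a body in little-endian pcapng framing."""
    body += b"\x00" * (-len(body) % 4)
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

# Constructed sample: a version 1.0 section header without options, then one
# interface with link type 117 and snaplen 116, as in the hexdump above.
SAMPLE = (make_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + make_block(IDB, struct.pack("<HHI", LINKTYPE_PFLOG, 0, 116)))

if __name__ == "__main__":
    types = pcapng_linktypes(SAMPLE)
    print("link types:", types, "PFLOG present:", LINKTYPE_PFLOG in types)
```

On a real capture, pass the file's bytes (for example `open("all.pcap", "rb").read()`) instead of `SAMPLE`.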
