[ARGUS] ArgusOpenInputPacketFile(all.pcap) unsupported device type 117
mike tancsa
mike at sentex.ca
Sat Mar 28 13:20:23 EDT 2020
On 3/28/2020 1:05 PM, Carter Bullard wrote:
> Thing about pflog files is that they don’t have any link layer headers
> … they have an interface id and direction indicators in their packet
> strut and things like rule that caused the packet to be captured etc
> ... … seems that we can put that stuff in the argus record, not sure
> if anyone would be interested …
>
> Would you want to know what interface the packets coming in and out of ???
>
>
I think it would be helpful, yes. Rule numbers are nice at the time,
but rules change so the number can become not so useful. But the action
(NAT/RDR,PASS,BLOCK... etc) for sure are helpful and yes the interface I
would say is very good to have too.
Thanks!!
---Mike
More information about the argus
mailing list