The command: /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
Gives logs like this:
000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > 24.39.185.78.1408: S 1674449733:1674449733(0) win 1024
You'll notice ... NO PROTOCOL INFO !!!
But, a command like this: /usr/sbin/tcpdump -l -n -e -ttt -v -i pflog0
Gives logs like this:
000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077, offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 > 24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win 3072
AND You'll notice ... HELLO, THE PROTOCOL INFO is there ready to be egrep'd out
So my question is this, how do I modify the startup of this tcpdump procedure to add the [-v] to see if this actually helps in producing logs in the pfS app?
--
David L. Strout
Engineering Systems Plus, LLC!
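
An added example, not part of the original post: a Python parser for the two pflog line shapes quoted above, showing that the protocol field is only recoverable when tcpdump runs with -v. The names parse_pflog and split_endpoint are hypothetical, and the field layout is assumed from the two sample lines only.

```python
import re

# Field layout taken from the two sample lines in the post; other tcpdump
# versions may format the pflog header differently (assumption).
PFLOG_LINE = re.compile(
    r"^(?P<stamp>\d+) rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<direction>in|out) on (?P<iface>\w+): "
    # IP header block, only printed when tcpdump runs with -v
    r"(?:\(.*?proto:? (?P<proto>\w+) \((?P<proto_num>\d+)\)[^)]*\) )?"
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)

def split_endpoint(endpoint):
    """Split IPv4 'a.b.c.d.port' into (ip, port); port is None if absent."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def parse_pflog(line):
    """Return a dict of fields, or None if the line is not a pflog entry."""
    m = PFLOG_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["subrule"] = int(rec["subrule"])
    if rec["proto_num"] is not None:
        rec["proto_num"] = int(rec["proto_num"])
    rec["src_ip"], rec["src_port"] = split_endpoint(rec.pop("src"))
    rec["dst_ip"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
    return rec

# The two log lines quoted in the post.
BRIEF = "000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 > 24.39.185.78.1408: S 1674449733:1674449733(0) win 1024"
VERBOSE = "000242 rule 35/0(match): block in on fxp1: (tos 0x0, ttl 41, id 11077, offset 0, flags [none], proto: TCP (6), length: 40) 24.39.185.75.34774 > 24.39.185.78.80: S, cksum 0xaaa2 (correct), 1576235070:1576235070(0) win 3072"

if __name__ == "__main__":
    for line in (BRIEF, VERBOSE):
        r = parse_pflog(line)
        print(r["action"], r["iface"], r["proto"], r["src_ip"], r["dst_ip"], r["dst_port"])
```

For the line captured without -v the proto field comes back as None; for the -v line it is TCP with protocol number 6.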
