I'm trying to parse a pflog (OpenBSD 5.8) on a Linux (Fedora 25) machine, with Python 3.5. I tried the dpkt module, but it doesn't support pflog files. Then I tried Scapy:
>>> p = rdpcap('pflog')
WARNING: RawPcapReader: unknown LL type [117]/[0x75]. Using Raw packets.
>>> p.summary()
Raw
Raw
...
Raw
>>> rdpcap('pflog')
<pflog: TCP:0 UDP:0 ICMP:0 Other:109>
As the warning message suggests, all packets are read as raw, so I'm not able to open them (and it's weird because Scapy supports pflog). I tried different files (from the same OpenBSD machine) and the result is always the same. Also, I imported this file successfully in Wireshark.
My question is: how can I parse this type of file using Python? If Wireshark can open it without errors, some Python module should do it too (I think so).
Scapy works. You need to use:
load_layer("pflog")
before loading your pcap.
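For anyone who wants to see what is actually inside such a file, or to cross-check what a library produces, here is an added example (not code from the question, the answer, Scapy or OpenBSD) that parses a DLT_PFLOG (link type 117) pcap with only the Python standard library. The header layout follows struct pfloghdr in OpenBSD's sys/net/if_pflog.h; the sample capture is constructed in the code, not taken from a real box. Two caveats it handles: the header length comes from the record's first byte, rounded up to 4 bytes, so both the older 64-byte and the OpenBSD 4.9+ 100-byte header parse (this is also how tcpdump and Wireshark find the payload); and the address-family byte carries the capturing host's AF_ constants, so IPv6 records from OpenBSD say 24, not Linux's 10. The uid/pid fields are written in the kernel's host byte order and are deliberately left undecoded.

```python
"""Stdlib-only reader for pcap files with link type DLT_PFLOG (117).

Added example. Header layout follows struct pfloghdr from OpenBSD's
sys/net/if_pflog.h; pcap framing is the classic libpcap file format.
"""
import socket
import struct

DLT_PFLOG = 117

# The af byte is the capturing host's AF_ value: OpenBSD AF_INET=2, AF_INET6=24.
PF_AF = {2: "inet", 24: "inet6"}
# pf actions from sys/net/pfvar.h (PF_PASS, PF_DROP, ..., PF_MATCH).
PF_ACTION = {0: "pass", 1: "drop", 2: "scrub", 3: "no-scrub", 4: "nat",
             5: "no-nat", 6: "binat", 7: "no-binat", 8: "rdr", 9: "no-rdr",
             10: "synproxy-drop", 11: "defer", 12: "match"}
PF_DIR = {0: "inout", 1: "in", 2: "out"}


def bpf_wordalign(n):
    """Round up to a 4-byte boundary, as the kernel pads the pflog header."""
    return (n + 3) & ~3


def read_pcap(blob):
    """Return (linktype, [(ts_sec, ts_usec, packet_bytes), ...]) from classic
    pcap bytes, honouring the byte order announced by the magic number."""
    magic = blob[:4]
    if magic == b"\xa1\xb2\xc3\xd4":
        e = ">"
    elif magic == b"\xd4\xc3\xb2\xa1":
        e = "<"
    else:
        raise ValueError("not a classic pcap file (magic %r)" % magic)
    _, _, _, _, _, _, linktype = struct.unpack_from(e + "IHHiIII", blob, 0)
    records, off = [], 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl, _orig = struct.unpack_from(e + "IIII", blob, off)
        off += 16
        if off + incl > len(blob):
            raise ValueError("truncated pcap record at offset %d" % off)
        records.append((ts_sec, ts_usec, blob[off:off + incl]))
        off += incl
    return linktype, records


def parse_pfloghdr(data):
    """Split one DLT_PFLOG record into (decoded header fields, payload).

    Byte 0 is the header length the kernel wrote; the payload starts at that
    length rounded up to 4. rulenr/subrulenr are written with htonl, so they
    are big-endian; subrulenr == -1 means the rule had no anchor."""
    if len(data) < 4:
        raise ValueError("truncated pflog header")
    hdrlen = bpf_wordalign(data[0])
    if hdrlen < 64 or hdrlen > len(data):
        raise ValueError("implausible pflog header length %d" % data[0])
    (_length, af, action, reason, ifname, ruleset, rulenr,
     subrulenr) = struct.unpack_from("!BBBB16s16sii", data, 0)
    # offsets 44..59: uid, pid, rule_uid, rule_pid (host byte order, skipped)
    direction = data[60]
    fields = {
        "af": PF_AF.get(af, af),
        "action": PF_ACTION.get(action, action),
        "reason": reason,
        "ifname": ifname.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "ruleset": ruleset.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "rulenr": rulenr,
        "subrulenr": None if subrulenr == -1 else subrulenr,
        "dir": PF_DIR.get(direction, direction),
    }
    return fields, data[hdrlen:]


def parse_ipv4(payload):
    """Minimal decode of the logged IPv4 packet: src, dst and protocol."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 packet")
    return {"src": socket.inet_ntoa(payload[12:16]),
            "dst": socket.inet_ntoa(payload[16:20]),
            "proto": payload[9]}


def parse_pflog_pcap(blob):
    """Decode every record of a DLT_PFLOG pcap into a list of dicts."""
    linktype, records = read_pcap(blob)
    if linktype != DLT_PFLOG:
        raise ValueError("link type %d is not DLT_PFLOG (117)" % linktype)
    out = []
    for ts_sec, ts_usec, pkt in records:
        hdr, payload = parse_pfloghdr(pkt)
        hdr["ts"] = ts_sec + ts_usec / 1e6
        hdr["ip"] = parse_ipv4(payload) if hdr["af"] == "inet" else None
        out.append(hdr)
    return out


def build_sample_pcap():
    """Constructed sample: a little-endian pcap (as an amd64 OpenBSD host
    writes it) holding one 'block in on em0' record with the 100-byte
    OpenBSD pflog header in front of a 40-byte IPv4/TCP SYN to port 22."""
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                       socket.inet_aton("203.0.113.7"),
                       socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", 44123, 22, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    pflog = struct.pack("!BBBB16s16sii", 100, 2, 1, 0, b"em0", b"", 7, -1)
    pflog += b"\x00" * 16            # uid, pid, rule_uid, rule_pid
    pflog += bytes([1, 0, 0, 0])     # dir=in, rewritten=0, naf=0, pad
    pflog += b"\x00" * 36            # saddr, daddr, sport, dport (no NAT)
    pkt = pflog + ipv4 + tcp
    ghdr = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, DLT_PFLOG)
    rhdr = struct.pack("<IIII", 1480000000, 0, len(pkt), len(pkt))
    return ghdr + rhdr + pkt


if __name__ == "__main__":
    # Replace build_sample_pcap() with open("pflog", "rb").read() for a real file.
    for rec in parse_pflog_pcap(build_sample_pcap()):
        print(rec)
```

On a real capture, call `parse_pflog_pcap(open("pflog", "rb").read())`; a record with `af == "inet6"` comes back with `ip` set to None because only the IPv4 part is decoded here. If a file produces "implausible pflog header length", the first byte of the record is not a pf header length and the file is probably not DLT_PFLOG at all.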