 Error Opening file GeoLiteCity.dat 
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Error Opening file GeoLiteCity.dat
sudo is not necessary. The only requirement is to be in a user directory (example: cd ~).
What is xplico_bin? Are you using the original source code and installation? The Ubuntu package? Or what?
Are you sure you ran the command correctly with your pcap file?


Thu Oct 21, 2010 11:26 am

Joined: Thu May 20, 2010 11:29 pm
Posts: 28
Post Re: Error Opening file GeoLiteCity.dat
Gianluca,

I am running it on /tmp. If I don't put sudo, it gives me Permission Denied.
I just put that scheme somebody posted here, because I need to filter some IPs from the capture.

Now I ran xplico_bin directly and it worked. So, here are the results:

Code:
xplico v0.6.0
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2010 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file GeoLiteCity.dat
Error Opening file GeoLiteCity.dat
Error Opening file GeoLiteCity.dat
Error Opening file GeoLiteCity.dat
GeoLiteCity.dat found!
pcapf: running: 0/0, subflow:0/0, tot pkt:1
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:1
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:1
ipv6: running: 0/0, subflow:0/0, tot pkt:0
tcp: running: 0/0, subflow:0/50, tot pkt:1
udp: running: 0/0, subflow:0/0, tot pkt:0
http: running: 0/0, subflow:0/0, tot pkt:0
pop: running: 0/0, subflow:0/0, tot pkt:0
imap: running: 0/0, subflow:0/0, tot pkt:0
smtp: running: 0/0, subflow:0/0, tot pkt:0
httpfd: running: 0/0, subflow:0/0, tot pkt:0
sip: running: 0/0, subflow:0/0, tot pkt:0
rtp: running: 0/0, subflow:0/0, tot pkt:0
rtcp: running: 0/0, subflow:0/0, tot pkt:0
sdp: running: 0/0, subflow:0/0, tot pkt:0
l2tp: running: 0/0, subflow:0/0, tot pkt:0
vlan: running: 0/0, subflow:0/0, tot pkt:0
ftp: running: 0/0, subflow:0/0, tot pkt:0
dns: running: 0/0, subflow:0/0, tot pkt:0
icmp: running: 0/0, subflow:0/0, tot pkt:0
nntp: running: 0/0, subflow:0/0, tot pkt:0
irc: running: 0/0, subflow:0/0, tot pkt:0
ipp: running: 0/0, subflow:0/0, tot pkt:0
pjl: running: 0/0, subflow:0/0, tot pkt:0
mms: running: 0/0, subflow:0/0, tot pkt:0
sll: running: 0/0, subflow:0/0, tot pkt:0
tftp: running: 0/0, subflow:0/0, tot pkt:0
wlan: running: 0/0, subflow:0/0, tot pkt:0
llc: running: 0/0, subflow:0/0, tot pkt:0
fbwchat: running: 0/0, subflow:0/0, tot pkt:0
telnet: running: 0/0, subflow:0/0, tot pkt:0
webmail: running: 0/0, subflow:0/0, tot pkt:0
arp: running: 0/0, subflow:0/0, tot pkt:0
paltalk_exp: running: 0/0, subflow:0/0, tot pkt:0
radiotap: running: 0/0, subflow:0/0, tot pkt:0
tcp-grb: running: 0/0, subflow:0/0, tot pkt:0
udp-grb: running: 0/0, subflow:0/0, tot pkt:0
Pei inserted: 0
Pei to be insert: 0
Fthread: 0/100
Flows: 0
Groups: 0/100
Dns DB: ip number: 0, name number: 0, total size: 200000
Cap. time: Wed Oct 20 11:25:50 2010

pcapf: running: 0/0, subflow:0/0, tot pkt:7239
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:7239
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:7239
ipv6: running: 0/0, subflow:0/0, tot pkt:0
tcp: running: 0/0, subflow:0/100, tot pkt:3910
udp: running: 0/0, subflow:0/0, tot pkt:0
http: running: 0/0, subflow:0/0, tot pkt:0
pop: running: 0/0, subflow:0/0, tot pkt:0
imap: running: 0/0, subflow:0/0, tot pkt:0
smtp: running: 0/0, subflow:0/0, tot pkt:0
httpfd: running: 0/0, subflow:0/0, tot pkt:0
sip: running: 0/0, subflow:0/0, tot pkt:0
rtp: running: 0/0, subflow:0/0, tot pkt:0
rtcp: running: 0/0, subflow:0/0, tot pkt:0
sdp: running: 0/0, subflow:0/0, tot pkt:0
l2tp: running: 0/0, subflow:0/0, tot pkt:0
vlan: running: 0/0, subflow:0/0, tot pkt:0
ftp: running: 0/0, subflow:0/0, tot pkt:0
dns: running: 0/0, subflow:0/0, tot pkt:0
icmp: running: 0/0, subflow:0/0, tot pkt:0
nntp: running: 0/0, subflow:0/0, tot pkt:0
irc: running: 0/0, subflow:0/0, tot pkt:0
ipp: running: 0/0, subflow:0/0, tot pkt:0
pjl: running: 0/0, subflow:0/0, tot pkt:0
mms: running: 0/0, subflow:0/0, tot pkt:0
sll: running: 0/0, subflow:0/0, tot pkt:0
tftp: running: 0/0, subflow:0/0, tot pkt:0
wlan: running: 0/0, subflow:0/0, tot pkt:0
llc: running: 0/0, subflow:0/0, tot pkt:0
fbwchat: running: 0/0, subflow:0/0, tot pkt:0
telnet: running: 0/0, subflow:0/0, tot pkt:0
webmail: running: 0/0, subflow:0/0, tot pkt:0
arp: running: 0/0, subflow:0/0, tot pkt:0
paltalk_exp: running: 0/0, subflow:0/0, tot pkt:0
radiotap: running: 0/0, subflow:0/0, tot pkt:0
tcp-grb: running: 0/218, subflow:0/0, tot pkt:3256
udp-grb: running: 0/0, subflow:0/0, tot pkt:0
Pei inserted: 0
Pei to be insert: 0
Fthread: 0/100
Flows: 0
Groups: 0/100
Dns DB: ip number: 0, name number: 0, total size: 200000
Cap. time: Wed Oct 20 11:51:05 2010

pcapf: running: 0/0, subflow:0/0, tot pkt:7239
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:7239
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:7239
ipv6: running: 0/0, subflow:0/0, tot pkt:0
tcp: running: 0/0, subflow:0/100, tot pkt:3910
udp: running: 0/0, subflow:0/0, tot pkt:0
http: running: 0/0, subflow:0/0, tot pkt:0
pop: running: 0/0, subflow:0/0, tot pkt:0
imap: running: 0/0, subflow:0/0, tot pkt:0
smtp: running: 0/0, subflow:0/0, tot pkt:0
httpfd: running: 0/0, subflow:0/0, tot pkt:0
sip: running: 0/0, subflow:0/0, tot pkt:0
rtp: running: 0/0, subflow:0/0, tot pkt:0
rtcp: running: 0/0, subflow:0/0, tot pkt:0
sdp: running: 0/0, subflow:0/0, tot pkt:0
l2tp: running: 0/0, subflow:0/0, tot pkt:0
vlan: running: 0/0, subflow:0/0, tot pkt:0
ftp: running: 0/0, subflow:0/0, tot pkt:0
dns: running: 0/0, subflow:0/0, tot pkt:0
icmp: running: 0/0, subflow:0/0, tot pkt:0
nntp: running: 0/0, subflow:0/0, tot pkt:0
irc: running: 0/0, subflow:0/0, tot pkt:0
ipp: running: 0/0, subflow:0/0, tot pkt:0
pjl: running: 0/0, subflow:0/0, tot pkt:0
mms: running: 0/0, subflow:0/0, tot pkt:0
sll: running: 0/0, subflow:0/0, tot pkt:0
tftp: running: 0/0, subflow:0/0, tot pkt:0
wlan: running: 0/0, subflow:0/0, tot pkt:0
llc: running: 0/0, subflow:0/0, tot pkt:0
fbwchat: running: 0/0, subflow:0/0, tot pkt:0
telnet: running: 0/0, subflow:0/0, tot pkt:0
webmail: running: 0/0, subflow:0/0, tot pkt:0
arp: running: 0/0, subflow:0/0, tot pkt:0
paltalk_exp: running: 0/0, subflow:0/0, tot pkt:0
radiotap: running: 0/0, subflow:0/0, tot pkt:0
tcp-grb: running: 0/218, subflow:0/0, tot pkt:3256
udp-grb: running: 0/0, subflow:0/0, tot pkt:0
Pei inserted: 0
Pei to be insert: 0
Fthread: 0/100
Flows: 0
Groups: 0/100
Dns DB: ip number: 0, name number: 0, total size: 200000
Cap. time: Wed Oct 20 11:51:05 2010

Total elaboration time: 4s




No xdecode folder found, only a tmp with the following files:
Code:
mfile  mfile_2010_10_21.log  mpaltalk  mpaltalk_2010_10_21.log  mwmail  mwmail_2010_10_21.log  xplico  xplico_2010_10_21.log


Thu Oct 21, 2010 11:58 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Error Opening file GeoLiteCity.dat
xdecode is not present because in your pcap there are no protocols to be decoded by Xplico, or you need to disable checksum verification (more info about 'checksum verification': wiki).
What is xplico_bin? This is not the default name of the xplico binary application.


Thu Oct 21, 2010 12:47 pm

Joined: Thu May 20, 2010 11:29 pm
Posts: 28
Post Re: Error Opening file GeoLiteCity.dat
Gianluca,

I'll disable Checksum verification and try again.

The xplico_bin is, as I said, a modification schema to filter some IPs. In fact, it is the xplico original binary.
It was you who sent me the schema in this topic:
viewtopic.php?f=3&t=197&p=568&hilit=filter+ips#p568

I'll post the results as soon as I test it...
Thanks....


Thu Oct 21, 2010 1:03 pm
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Error Opening file GeoLiteCity.dat
Ok... I had not understood :( and I did not remember this patch/hack of mine ;).

Gianluca


Thu Oct 21, 2010 1:11 pm

Joined: Thu May 20, 2010 11:29 pm
Posts: 28
Post Re: Error Opening file GeoLiteCity.dat
Disabled checksum and it didn't work.

Code:
xplico v0.6.0
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2010 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file GeoLiteCity.dat
Error Opening file GeoLiteCity.dat
Error Opening file GeoLiteCity.dat
Error Opening file GeoLiteCity.dat
GeoLiteCity.dat found!
pcapf: running: 0/0, subflow:0/0, tot pkt:1
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:1
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:1
ipv6: running: 0/0, subflow:0/0, tot pkt:0
tcp: running: 0/0, subflow:0/50, tot pkt:1
udp: running: 0/0, subflow:0/0, tot pkt:0
http: running: 0/0, subflow:0/0, tot pkt:0
pop: running: 0/0, subflow:0/0, tot pkt:0
imap: running: 0/0, subflow:0/0, tot pkt:0
smtp: running: 0/0, subflow:0/0, tot pkt:0
httpfd: running: 0/0, subflow:0/0, tot pkt:0
sip: running: 0/0, subflow:0/0, tot pkt:0
rtp: running: 0/0, subflow:0/0, tot pkt:0
rtcp: running: 0/0, subflow:0/0, tot pkt:0
sdp: running: 0/0, subflow:0/0, tot pkt:0
l2tp: running: 0/0, subflow:0/0, tot pkt:0
vlan: running: 0/0, subflow:0/0, tot pkt:0
ftp: running: 0/0, subflow:0/0, tot pkt:0
dns: running: 0/0, subflow:0/0, tot pkt:0
icmp: running: 0/0, subflow:0/0, tot pkt:0
nntp: running: 0/0, subflow:0/0, tot pkt:0
irc: running: 0/0, subflow:0/0, tot pkt:0
ipp: running: 0/0, subflow:0/0, tot pkt:0
pjl: running: 0/0, subflow:0/0, tot pkt:0
mms: running: 0/0, subflow:0/0, tot pkt:0
sll: running: 0/0, subflow:0/0, tot pkt:0
tftp: running: 0/0, subflow:0/0, tot pkt:0
wlan: running: 0/0, subflow:0/0, tot pkt:0
llc: running: 0/0, subflow:0/0, tot pkt:0
fbwchat: running: 0/0, subflow:0/0, tot pkt:0
telnet: running: 0/0, subflow:0/0, tot pkt:0
webmail: running: 0/0, subflow:0/0, tot pkt:0
arp: running: 0/0, subflow:0/0, tot pkt:0
paltalk_exp: running: 0/0, subflow:0/0, tot pkt:0
radiotap: running: 0/0, subflow:0/0, tot pkt:0
tcp-grb: running: 0/0, subflow:0/0, tot pkt:0
udp-grb: running: 0/0, subflow:0/0, tot pkt:0
Pei inserted: 0
Pei to be insert: 0
Fthread: 0/100
Flows: 0
Groups: 0/100
Dns DB: ip number: 0, name number: 0, total size: 200000
Cap. time: Wed Oct 20 11:25:50 2010

pcapf: running: 0/0, subflow:0/0, tot pkt:7239
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:7239
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:7239
ipv6: running: 0/0, subflow:0/0, tot pkt:0
tcp: running: 0/0, subflow:0/100, tot pkt:3910
udp: running: 0/0, subflow:0/0, tot pkt:0
http: running: 0/0, subflow:0/0, tot pkt:0
pop: running: 0/0, subflow:0/0, tot pkt:0
imap: running: 0/0, subflow:0/0, tot pkt:0
smtp: running: 0/0, subflow:0/0, tot pkt:0
httpfd: running: 0/0, subflow:0/0, tot pkt:0
sip: running: 0/0, subflow:0/0, tot pkt:0
rtp: running: 0/0, subflow:0/0, tot pkt:0
rtcp: running: 0/0, subflow:0/0, tot pkt:0
sdp: running: 0/0, subflow:0/0, tot pkt:0
l2tp: running: 0/0, subflow:0/0, tot pkt:0
vlan: running: 0/0, subflow:0/0, tot pkt:0
ftp: running: 0/0, subflow:0/0, tot pkt:0
dns: running: 0/0, subflow:0/0, tot pkt:0
icmp: running: 0/0, subflow:0/0, tot pkt:0
nntp: running: 0/0, subflow:0/0, tot pkt:0
irc: running: 0/0, subflow:0/0, tot pkt:0
ipp: running: 0/0, subflow:0/0, tot pkt:0
pjl: running: 0/0, subflow:0/0, tot pkt:0
mms: running: 0/0, subflow:0/0, tot pkt:0
sll: running: 0/0, subflow:0/0, tot pkt:0
tftp: running: 0/0, subflow:0/0, tot pkt:0
wlan: running: 0/0, subflow:0/0, tot pkt:0
llc: running: 0/0, subflow:0/0, tot pkt:0
fbwchat: running: 0/0, subflow:0/0, tot pkt:0
telnet: running: 0/0, subflow:0/0, tot pkt:0
webmail: running: 0/0, subflow:0/0, tot pkt:0
arp: running: 0/0, subflow:0/0, tot pkt:0
paltalk_exp: running: 0/0, subflow:0/0, tot pkt:0
radiotap: running: 0/0, subflow:0/0, tot pkt:0
tcp-grb: running: 2/218, subflow:0/0, tot pkt:3235
udp-grb: running: 0/0, subflow:0/0, tot pkt:0
Pei inserted: 0
Pei to be insert: 0
Fthread: 2/100
Flows: 2
Groups: 0/100
Dns DB: ip number: 0, name number: 0, total size: 200000
Cap. time: Wed Oct 20 11:51:05 2010

pcapf: running: 0/0, subflow:0/0, tot pkt:7239
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:7239
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:7239
ipv6: running: 0/0, subflow:0/0, tot pkt:0
tcp: running: 0/0, subflow:0/100, tot pkt:3910
udp: running: 0/0, subflow:0/0, tot pkt:0
http: running: 0/0, subflow:0/0, tot pkt:0
pop: running: 0/0, subflow:0/0, tot pkt:0
imap: running: 0/0, subflow:0/0, tot pkt:0
smtp: running: 0/0, subflow:0/0, tot pkt:0
httpfd: running: 0/0, subflow:0/0, tot pkt:0
sip: running: 0/0, subflow:0/0, tot pkt:0
rtp: running: 0/0, subflow:0/0, tot pkt:0
rtcp: running: 0/0, subflow:0/0, tot pkt:0
sdp: running: 0/0, subflow:0/0, tot pkt:0
l2tp: running: 0/0, subflow:0/0, tot pkt:0
vlan: running: 0/0, subflow:0/0, tot pkt:0
ftp: running: 0/0, subflow:0/0, tot pkt:0
dns: running: 0/0, subflow:0/0, tot pkt:0
icmp: running: 0/0, subflow:0/0, tot pkt:0
nntp: running: 0/0, subflow:0/0, tot pkt:0
irc: running: 0/0, subflow:0/0, tot pkt:0
ipp: running: 0/0, subflow:0/0, tot pkt:0
pjl: running: 0/0, subflow:0/0, tot pkt:0
mms: running: 0/0, subflow:0/0, tot pkt:0
sll: running: 0/0, subflow:0/0, tot pkt:0
tftp: running: 0/0, subflow:0/0, tot pkt:0
wlan: running: 0/0, subflow:0/0, tot pkt:0
llc: running: 0/0, subflow:0/0, tot pkt:0
fbwchat: running: 0/0, subflow:0/0, tot pkt:0
telnet: running: 0/0, subflow:0/0, tot pkt:0
webmail: running: 0/0, subflow:0/0, tot pkt:0
arp: running: 0/0, subflow:0/0, tot pkt:0
paltalk_exp: running: 0/0, subflow:0/0, tot pkt:0
radiotap: running: 0/0, subflow:0/0, tot pkt:0
tcp-grb: running: 0/218, subflow:0/0, tot pkt:3256
udp-grb: running: 0/0, subflow:0/0, tot pkt:0
Pei inserted: 0
Pei to be insert: 0
Fthread: 0/100
Flows: 0
Groups: 0/100
Dns DB: ip number: 0, name number: 0, total size: 200000
Cap. time: Wed Oct 20 11:51:05 2010

Total elaboration time: 4s


Thu Oct 21, 2010 4:55 pm
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Error Opening file GeoLiteCity.dat
Well, I think it is a problem with the pcap file.
What protocols are inside that pcap?
Could you send it to me: bug[@]xplico.org?


Thu Oct 21, 2010 5:03 pm

Joined: Thu May 20, 2010 11:29 pm
Posts: 28
Post Re: Error Opening file GeoLiteCity.dat
It contains various HTTP accesses. Unfortunately I can't send it to you, but if you have a sample pcap that works to generate the GeoIP I can test it here...


Thu Oct 21, 2010 6:12 pm
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Error Opening file GeoLiteCity.dat
The problem is not GeoIP but the pcap contents.
You can find some examples here.
To understand the problem (and find a possible bug), only a single TCP stream of HTTP (from the SYN packets) is sufficient. Choose the HTTP stream with less data (for your privacy), and you can use the tcpreplay tools to mask the IPs.

You can use my GPG public key. Obviously, the pcap file remains confidential.


Thu Oct 21, 2010 6:28 pm
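The two points raised in this thread, checksum verification and masking the IPs before sharing a capture, interact: rewriting addresses invalidates the IPv4 header checksum and the TCP checksum, so a masked stream has to have both recomputed or a decoder that verifies checksums will see every packet as bad. The sketch below is an added example, not Xplico or tcpreplay code and not part of the original posts; it works on one Ethernet/IPv4/TCP frame, and the function names, the address mapping and the sample SYN packet are all constructed for illustration.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (padded to an even length)."""
    data = bytes(data) + b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def split(frame: bytes):
    """Split an Ethernet/IPv4/TCP frame into (eth, ip header, tcp segment, trailer)."""
    ihl = (frame[14] & 0x0F) * 4
    end = 14 + struct.unpack("!H", frame[16:18])[0]  # IPv4 total length
    return frame[:14], frame[14:14 + ihl], frame[14 + ihl:end], frame[end:]

def pseudo(ip: bytes, tcp_len: int) -> bytes:
    """TCP pseudo-header: source, destination, zero, protocol 6, TCP length."""
    return bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, tcp_len)

def checksums_ok(frame: bytes):
    """Return (ip_ok, tcp_ok); summing data that holds a valid checksum gives 0."""
    _, ip, tcp, _ = split(frame)
    return csum(ip) == 0, csum(pseudo(ip, len(tcp)) + tcp) == 0

def mask_ips(frame: bytes, mapping: dict, fix_checksums: bool = True) -> bytes:
    """Replace addresses per mapping {real: masked}; optionally repair checksums."""
    eth, ip, tcp, trailer = split(frame)
    ip, tcp = bytearray(ip), bytearray(tcp)
    for off in (12, 16):  # source and destination address fields
        old = socket.inet_ntoa(bytes(ip[off:off + 4]))
        ip[off:off + 4] = socket.inet_aton(mapping.get(old, old))
    if fix_checksums:
        ip[10:12] = b"\x00\x00"
        ip[10:12] = struct.pack("!H", csum(ip))
        tcp[16:18] = b"\x00\x00"
        tcp[16:18] = struct.pack("!H", csum(pseudo(ip, len(tcp)) + tcp))
    return eth + bytes(ip) + bytes(tcp) + trailer

def sample_frame() -> bytes:
    """Constructed SYN, 192.0.2.10:40000 -> 198.51.100.20:80, valid checksums."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 0x50, 0x02, 65535, 0, 0)
    return mask_ips(bytes(12) + b"\x08\x00" + ip + tcp, {})

MAPPING = {"192.0.2.10": "10.0.0.1", "198.51.100.20": "10.0.0.2"}  # constructed
```

Running `checksums_ok` on a few frames of a masked capture before sending it shows whether the masking step left the checksums intact.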