


 Xplico 0.6.0 decodes file pcap and it dies? 

Joined: Tue Nov 09, 2010 3:03 pm
Posts: 7
Post Xplico 0.6.0 decodes file pcap and it dies?
Hi...

Congratulations on your work on the Xplico project.

I would like to know why this "crash" happens while decoding a pcap.

I use a Windows platform, with a VMware image of Ubuntu 10.04 Server.
The version of Xplico installed is 0.6.0.
I use the Xplico Interface with Mozilla Firefox 3.6.12.

I tried to test your sample pcap capture
(http://wiki.xplico.org/lib/exe/fetch.ph ... 5.pcap.bz2)

but during the decoding process an interruption happens (see attachment)
Attachment:
ScreenXplico.JPG


If I disable the "validation checksum", the process works regularly.

My questions are:

Is this program crash regular, especially without any warning in the Xplico Interface as well? For example, updating the field "Status DECODING COMPLETED" with "DECODING INTERRUPTED".

If I need to use the "validation checksum", how can I know which errors occurred in my capture file or what is faulting the Xplico analysis?

Thank you and greetings
CtrlAltCanc




Wed Nov 10, 2010 3:38 pm

Joined: Tue Nov 09, 2010 3:03 pm
Posts: 7
Post Re: Xplico 0.6.0 decodes file pcap and it dies?
Here is an update to this post.

Now I am trying to analyze another pcap file (13 MB) with Xplico, but the decoding stops each time and always in different places.

The checksum is disabled, but the break is always at a different Cap. Time (see attachments)

Attachment:
test1.JPG

Attachment:
test2.JPG

Attachment:
test3.JPG

Attachment:
test4.JPG


I rebooted Ubuntu, XI and Xplico and reinstalled Xplico again, but the error remains.

Now I am trying to enable the Xplico log to see if I can find out more ...

Is nobody getting something like this?
Do you have any ideas to help me?

Thanks
CtrlAltCanc




Fri Nov 12, 2010 9:09 am

Joined: Tue Nov 09, 2010 3:03 pm
Posts: 7
Post Re: Xplico 0.6.0 decodes file pcap and it dies?
These are the log files found

Attachment:
Log error.JPG


I am waiting for any possible comment or help

Thank you in advance

CtrlAltCanc




Fri Nov 12, 2010 1:53 pm
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Xplico 0.6.0 decodes file pcap and it dies?
Hi Max,
With the latest Ubuntu 10.10 32-bit we have found a new bug in the core of Xplico, inside very old code. This bug is new because we used a glibc function thinking that it would be implemented in a precise way (it is not so). Something changed in glibc and this revealed a very critical bug in Xplico.
The behavior of the bug is random and does not depend on the checksum, but may depend on the CPU load.

To confirm that this is your case, you should also send us the log file: xplico_2010_11_xx.log

Ciao.
Gianluca


Sat Nov 13, 2010 6:47 am

Joined: Tue Nov 09, 2010 3:03 pm
Posts: 7
Post Re: Xplico 0.6.0 decodes file pcap and it dies?
Hi Gianluca, :D

Attached is the requested log.... Is it the same bug?

In the meantime, I have another question related to this log:

Why do some "FEWS" appear in this log when I have changed them all to "FEWITDS" in my config files?
(/opt/xplico/cfg/xplico_cli_nc.cfg and /opt/xplico/cfg/xplico_cli.cfg)

Ciao
CtrlAltCnc (Max)




Mon Nov 15, 2010 10:57 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Xplico 0.6.0 decodes file pcap and it dies?
Hi,
this error:
Quote:
OOPS: Delete flow descriptor error.

in your log file is (with high probability) due to the bug described by me in the post.
You can test this pcap of yours with the 0.6.1 release; it will be released with DEFT 6.

The config file used by XI is: xplico_install_lite.cfg. The xplico_cli.cfg and xplico_cli_nc.cfg config files are used in CLI mode.

Ciao.
Gianluca


Mon Nov 15, 2010 12:58 pm

Joined: Tue Nov 09, 2010 3:03 pm
Posts: 7
Post Re: Xplico 0.6.0 decodes file pcap and it dies?
Thank you Gianluca,

for your explanations. I will test my pcap file in the next release of Xplico.

Bye
CtrlAltCanc


Mon Nov 15, 2010 6:44 pm