View unanswered posts | View active topics It is currently Wed Aug 15, 2018 4:58 am



Post new topic Reply to topic  [ 2 posts ] 
 File name not found (fun:SmtpPei) 
Author Message

Joined: Mon Oct 19, 2009 10:12 am
Posts: 1
Reply with quote
Post File name not found (fun:SmtpPei)
Hi,

I'm currently having a issue with xplico on Ubuntu Jaunty (latest stable currently).

See logs:
12:24:15 [tcp]{c}-TRACE: Retrasmition 2
12:24:15 [CORE]{c}-INFO: frame 0 - prot: 6, flow: yes, id: 18 -
12:24:15 [CORE]{c}-INFO: tcp.srcport: 110
12:24:15 [CORE]{c}-INFO: tcp.dstport: 1120
12:24:15 [CORE]{c}-INFO: tcp.clnt: 1
12:24:15 [CORE]{c}-INFO: tcp.lost: 0
12:24:15 [CORE]{c}-INFO: frame 1 - prot: 4, flow: no, id: -1 -
12:24:15 [CORE]{c}-INFO: ip.proto: 6
12:24:15 [CORE]{c}-INFO: ip.src: 196.41.206.149
12:24:15 [CORE]{c}-INFO: ip.dst: 41.208.250.155
12:24:15 [CORE]{c}-INFO: frame 2 - prot: 2, flow: no, id: -1 -
12:24:15 [CORE]{c}-INFO: eth.type: 2048
12:24:15 [CORE]{c}-INFO: frame 3 - prot: 1, flow: no, id: -1 -
12:24:15 [CORE]{c}-INFO: pol.layer1: 1
12:24:15 [CORE]{c}-INFO: pol.count: 48234
12:24:15 [CORE]{c}-INFO: pol.file: /opt/xplico/pol_1/sol_1/decode/rt.pcap
12:24:15 [CORE]{c}-INFO: pol.sesid: 1
12:24:15 [CORE]{c}-INFO: pol.polid: 1
12:24:15 [tcp]{c}-TRACE: Retrasmition 1
12:24:15 [smtp]{280}-OOPS: (17) File name not found (fun:SmtpPei) :?: :?: :?: :?:
12:24:15 [CORE]{c}-INFO: frame 0 - prot: 6, flow: yes, id: 19 -
12:24:15 [CORE]{c}-INFO: tcp.srcport: 489

Not exactly sure what file that is, but the process stops, that the end of the log file.

Any help would be greatly appreciated.

Thanks,
Mike


Mon Oct 19, 2009 10:33 am
Profile

Joined: Wed Sep 16, 2009 10:45 pm
Posts: 128
Reply with quote
Post Re: File name not found (fun:SmtpPei)
Hello,
let's attack the problem with a lot of questions :)

- Have you done a "chmod -R 777 xplico_folder"?
- Have you had any problem compiling? (it would be a good idea downloading sources and compiling again)
- Is this smtp session crypted? (in your log i see "tcp.srcport: 489")
- does Xplico works with another captures?
- if it does, does Xplico works with another smtp capture?

If you answer no to everything, could you post the capture please? (if it has a password, please create a test-account and do again a capture for us :))

We'll help you as soon as possible.


Mon Oct 19, 2009 11:04 am
Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by Vjacheslav Trushkin for Free Forums/DivisionCore.