


 Segmentation Fault: Reduce pcap size with this tshark filter 

Joined: Sat Oct 10, 2009 10:04 am
Posts: 38
Post Segmentation Fault: Reduce pcap size with this tshark filter
I used CLI.
After the next 2 hours, it generated the fault messages that are attached.

What does it mean and why does it occur?


Attachments:
SegmentationFault.tar.gz [242.96 KiB]
Downloaded 240 times
Thu Dec 17, 2009 6:48 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Segmentation Fault: Reduce pcap size with this tshark filter
Hi,
When Xplico finds a fault, it generates (if successful) two types of files:
  • Fault file (your attached file)
  • xml oops file
These 2 files are useful for debugging.

The fault file describes the procedure to reduce the original file size, and is useful in the absence of xml oops files. You must apply the filter and the command described in the file.
The xml oops file (if present) describes the flow that probably caused the fault.

If you can do this procedure you can help us.
  1. ./xplico -m pcap -f <your pcap file>
  2. wait for the fault
  3. at the fault you can see, in the tmp directory (where the log files are), the file oops_xxxx.xml
  4. launch /opt/script/xml2pcap.php <tmp/oops_xxxx.xml> bug.pcap or system/script/xml2pcap.php <tmp/oops_xxxx.xml> bug.pcap
  5. and then run ./xplico -m pcap -f bug.pcap
  6. wait for the fault
  7. if the fault does not appear then... use the fault file and apply the filter with tshark (and send it to us :) ).
  8. if you see the fault then the bug.pcap "contains" the bug
  9. check the bug.pcap file with Wireshark and, if you can, send it to me (bug@xplico.org) or post it in this forum; I'll be happy :) .

What you found is a bug; help us to delete it.


Thu Dec 17, 2009 8:27 am
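The reproduction procedure in the post above (steps 1 to 8), written out as an added shell example; it is not part of the original thread or of the Xplico project. It assumes it is run from the Xplico directory and that every fault leaves a new oops_*.xml file in the tmp directory; the function names and the three path variables are hypothetical.

```shell
#!/bin/sh
# Added example: automates steps 1-8 of the reproduction procedure above.
# Assumptions: run from the Xplico directory; every fault leaves a NEW
# oops_*.xml in the tmp directory; the three paths below are overridable.
XPLICO="${XPLICO:-./xplico}"
XML2PCAP="${XML2PCAP:-/opt/script/xml2pcap.php}"
XPLICO_TMP="${XPLICO_TMP:-tmp}"

# Steps 1-3 (and 5-6): decode a pcap, then print the oops file that appeared
# during the run. Returns 1 if no new oops file was written.
run_and_find_oops() {
    before=$(ls "$XPLICO_TMP"/oops_*.xml 2>/dev/null || true)
    "$XPLICO" -m pcap -f "$1" >/dev/null 2>&1 || true   # a crash is expected
    for f in "$XPLICO_TMP"/oops_*.xml; do
        [ -e "$f" ] || continue                          # glob matched nothing
        printf '%s\n' "$before" | grep -qxF -- "$f" || { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# Steps 4-8: turn the oops file into a small pcap, replay it, print a verdict.
#   $1 = original pcap, $2 = reduced pcap to write (default bug.pcap)
minimize_fault() {
    pcap=$1
    out=${2:-bug.pcap}
    oops=$(run_and_find_oops "$pcap") || { echo "no-fault"; return 0; }
    "$XML2PCAP" "$oops" "$out" || { echo "convert-failed"; return 0; }
    if run_and_find_oops "$out" >/dev/null; then
        echo "reproduced"       # step 8: the reduced pcap "contains" the bug
    else
        echo "not-reproduced"   # step 7: use the fault file's tshark filter
    fi
}
```

Source the file and call `minimize_fault <your pcap file>`; a `reproduced` verdict means bug.pcap is the file to open in Wireshark for step 9.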

Joined: Sat Oct 10, 2009 10:04 am
Posts: 38
Post Re: Segmentation Fault: Reduce pcap size with this tshark filter
I used the CLI with the rltm option. In other words, I use:
Code:
./xplico -m rltm -i eth0

I do not use:
Code:
./xplico -m pcap -f <pcap_file>


With this explanation, I do not have any pcap files for following your instructions.

I attached oops files, too.


Attachments:
oops_Files.tar.gz [609 Bytes]
Downloaded 253 times
Thu Dec 17, 2009 9:36 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Segmentation Fault: Reduce pcap size with this tshark filter
Thanks to your files, I discovered that there is a bug in the DNS dissector.
Which version of Xplico do you use?

Can you capture (with tcpdump or Wireshark) the eth0 DNS traffic while using Xplico in cli live mode? In this way we can find the bug (with the procedure described in the previous post).


Thu Dec 17, 2009 9:50 am

Joined: Sat Oct 10, 2009 10:04 am
Posts: 38
Post Re: Segmentation Fault: Reduce pcap size with this tshark filter
I use 0.5.3.

I will capture DNS traffic until I get the fault message. Then I will follow your instructions and send you the result.


Thu Dec 17, 2009 11:03 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Segmentation Fault: Reduce pcap size with this tshark filter
Fixed in 0.5.4 version.

Thanks for your help.
Gianluca


Sun Dec 27, 2009 10:16 am