jacklai / pcaphar

Automatically exported from code.google.com/p/pcaphar
0 stars 0 forks source link

standard tcpdump output doesnt appear to work #19

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. running with a tcpdump -w <file>
2.uploading the file

What is the expected output? What do you see instead?

The HAR output - instead I got an error.

What version of the product are you using? On what operating system?

Please provide any additional information below.

50% of my tcpdump -w outputs work the other half doesnt. 

Is there a problem with tcpdump -w and this?

Original issue reported on code.google.com by trent.ho...@gmail.com on 27 Dec 2012 at 4:29

GoogleCodeExporter commented 9 years ago
Thanks for reporting this issue. Could you please upload an example of your 
tcpdump files?

Original comment by ls...@google.com on 27 Dec 2012 at 1:04

GoogleCodeExporter commented 9 years ago
Hello

Yes, my apologies - I didnt provide many specifics other than 'theres a 
problem!'.

tcpdump is attached.

im running on a Centos 6.2 box - linux 2.6.32-71.el6.x86_64
tcpdump v4 - according to the rpm metadata:
Name        : tcpdump                      Relocations: (not relocatable)
Version     : 4.0.0                             Vendor: CentOS
Release     : 3.20090921gitdf3cb4.1.el6     Build Date: Fri 20 Aug 2010 
15:30:12 EST
Install Date: Mon 16 Jan 2012 04:09:17 EST      Build Host: 
c6b2.bsys.dev.centos.org
Group       : Applications/Internet         Source RPM: 
tcpdump-4.0.0-3.20090921gitdf3cb4.1.el6.src.rpm
Size        : 836539                           License: BSD with advertising
Signature   : RSA/8, Sun 03 Jul 2011 15:03:02 EST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.tcpdump.org
Summary     : A network traffic monitoring tool

My tcpdump command was:

tcpdump -s 0 port http -i eth0  -w tcpdump.pcap

Original comment by trent.ho...@gmail.com on 27 Dec 2012 at 8:05

Attachments:

GoogleCodeExporter commented 9 years ago
In the aforementioned capture I stopped httpd, ran tcpdump, started tcpdump, 
waited,  stopped httpd, stopped tcpdump, started httpd.

I was thinking maybe the issue was the pcap had missing data at the start...

Though the attached pcap didnt parse. :(

Original comment by trent.ho...@gmail.com on 27 Dec 2012 at 8:07

GoogleCodeExporter commented 9 years ago
Another failed pcap output attached created by

host#  tcpdump -i eth0 tcp port 80 -w tcpdump.pcap

[root@studio01 tmp]# tcpdump -i eth0 tcp port 80 -w tcpdump.pcap^C
[root@studio01 tmp]# uname -a
Linux studio01.e2e.stg.realestate.com.au 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri 
Aug 24 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@studio01 tmp]# cat /etc/redhat-release 
CentOS release 6.3 (Final)
[root@studio01 tmp]# rpm -qi tcpdump
Name        : tcpdump                      Relocations: (not relocatable)
Version     : 4.0.0                             Vendor: CentOS
Release     : 3.20090921gitdf3cb4.2.el6     Build Date: Mon 26 Mar 2012 
23:56:48 EST
Install Date: Wed 12 Sep 2012 21:30:46 EST      Build Host: 
c6b6.bsys.dev.centos.org
Group       : Applications/Internet         Source RPM: 
tcpdump-4.0.0-3.20090921gitdf3cb4.2.el6.src.rpm
Size        : 832443                           License: BSD with advertising
Signature   : RSA/SHA1, Tue 27 Mar 2012 00:32:34 EST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.tcpdump.org
Summary     : A network traffic monitoring tool
Description :
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces.  Tcpdump can display all of
the packet headers, or just the ones that match particular criteria.

Install tcpdump if you need a program to monitor network traffic.

Attached

Original comment by trent.ho...@gmail.com on 30 Dec 2012 at 10:34

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks for your patience. This should have been fixed. Please report back if 
you still experience issues.

Original comment by ls...@google.com on 1 Jan 2013 at 8:38