mkarimim / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

linux_netstat error #456

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Use Volatility 2.3 beta
2. Follow the steps from https://code.google.com/p/volatility/wiki/AndroidMemoryForensics
3. Create an Image for Goldfish (Android Virtual Machine)
4. Call linux_netstat

What is the expected output? What do you see instead?
The expected output is a large number of open sockets. Instead I get:

  File "./vol.py", line 186, in <module>
    main()
  File "./vol.py", line 177, in main
    command.execute()
  File "/Users/florianruckershauser/android-volatility/volatility/plugins/linux/common.py", line 58, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "/Users/florianruckershauser/android-volatility/volatility/commands.py", line 111, in execute
    func(outfd, data)
  File "/Users/florianruckershauser/android-volatility/volatility/plugins/linux/netstat.py", line 68, in render_text
    state = self.get_state_str(inet_sock) if proto == "TCP" else ""
  File "/Users/florianruckershauser/android-volatility/volatility/plugins/linux/netstat.py", line 137, in get_state_str
    return linux_flags.tcp_states[state]
IndexError: tuple index out of range

What version of the product are you using? On what operating system?
Volatility 2.3 beta

Please provide any additional information below.
Many other plugins work fine. I only have problems with linux_netstat and some that use the linux_flags plugin.

Greetings from Germany

Florian Rückershäuser

Original issue reported on code.google.com by FlowBack...@googlemail.com on 21 Oct 2013 at 10:40
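
The traceback above ends in an unchecked tuple lookup on a value read from the memory image. As an added example (not Volatility's code and not part of the original thread), here is a bounds-checked lookup that lets the listing finish and reports undecodable states instead of raising. The table follows the Linux kernel's TCP state numbering; the function names, the plain-integer state values and the sample records are assumptions constructed for illustration.

```python
# TCP state numbers as defined in the Linux kernel (include/net/tcp_states.h).
# The kernel starts at 1, so index 0 is left empty.
TCP_STATES = (
    "", "ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
    "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "LISTEN", "CLOSING",
)


def tcp_state_str(state):
    """Return the state name, or a marked placeholder instead of raising."""
    # The lower bound matters too: a negative value would not raise but
    # silently wrap around (TCP_STATES[-1] is "CLOSING"), a wrong answer
    # that looks valid in the output.
    if isinstance(state, int) and 0 < state < len(TCP_STATES):
        return TCP_STATES[state]
    return "UNKNOWN(%r)" % (state,)


def render_sockets(sockets):
    """Format every socket and collect those whose state could not be decoded."""
    rows, anomalies = [], []
    for proto, local, remote, state in sockets:
        text = tcp_state_str(state) if proto == "TCP" else ""
        if text.startswith("UNKNOWN"):
            anomalies.append((local, remote, state))
        rows.append(("%-5s %-21s %-21s %s" % (proto, local, remote, text)).rstrip())
    return rows, anomalies


# Constructed sample records: (proto, local, remote, raw state value).
SAMPLE = [
    ("TCP", "10.0.2.15:5555", "10.0.2.2:51234", 1),
    ("TCP", "0.0.0.0:5037", "0.0.0.0:0", 10),
    ("UDP", "0.0.0.0:68", "0.0.0.0:0", 7),
    ("TCP", "10.0.2.15:40112", "10.0.2.2:80", 47),  # past the end of the table
    ("TCP", "10.0.2.15:40113", "10.0.2.2:80", -1),  # would wrap to "CLOSING"
]

if __name__ == "__main__":
    rows, anomalies = render_sockets(SAMPLE)
    print("\n".join(rows))
    for local, remote, state in anomalies:
        print("undecodable TCP state %r on %s -> %s" % (state, local, remote))
```
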

GoogleCodeExporter commented 8 years ago

Original comment by michael.hale@gmail.com on 21 Oct 2013 at 11:23

GoogleCodeExporter commented 8 years ago
Hello,

Is there any way you could share the memory sample? I have not been able to 
reproduce this. Otherwise, I will create a debug version of some of the 
plugins to have you run.

Original comment by atc...@gmail.com on 15 Nov 2013 at 2:54

GoogleCodeExporter commented 8 years ago
Andrew, please provide an update on this issue. 

Original comment by michael.hale@gmail.com on 7 Mar 2014 at 6:14

GoogleCodeExporter commented 8 years ago
FlowBackwardshomer, are you still actively checking this issue? If so, are you able to provide the sample that caused this issue? It has not been seen on any other Linux sample. If you cannot provide a sample then I can send you a debug version of the plugin to test.

Original comment by atc...@gmail.com on 9 Mar 2014 at 10:28

GoogleCodeExporter commented 8 years ago
Hi FlowBackwardshomer, due to lack of information needed to debug the issue, 
I'm going to close this issue. We'll be more than happy to reopen it if you 
find some free time to provide us with some extra details. You can also reach 
us via email and we can help you out personally. Thanks!

Original comment by michael.hale@gmail.com on 13 Mar 2014 at 3:51