shramos / polymorph

Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols
GNU General Public License v2.0

Known working distro/version? #25

Open jzablot opened 3 years ago

jzablot commented 3 years ago

Hi, is there a recommended Linux distro and version polymorph is known to work against?

I have tried with CentOS 7 as well as via LudwigEnglbrecht's docker image, but always hit issues.

Definitely there is some dependency on a specific version of tshark: if I use tshark 2.6, I hit the 'int' object is not subscriptable issue seen at https://github.com/shramos/polymorph/issues/20#issuecomment-706398948.

I am also wondering if there is a dependency on a specific version of libnetfilter_queue-devel?

With CentOS 7, tshark 2.2 and the workaround mentioned in https://github.com/shramos/polymorph/issues/8, I still hit issues when trying to capture from localhost:

```
PH > capture -i lo
[+] Waiting for packets...

(Press Ctr-C to exit)

^C[ERROR] Parsing field: eth.dst
[ERROR] Parsing field: eth.src
[ERROR] Parsing field: eth.type
[ERROR] Parsing field: ip.version
[ERROR] Parsing field: ip.hdr_len
[ERROR] Parsing field: ip.dsfield
[ERROR] Parsing field: ip.len
[ERROR] Parsing field: ip.id
[ERROR] Parsing field: ip.flags
[ERROR] Parsing field: ip.frag_offset
[ERROR] Parsing field: ip.ttl
[ERROR] Parsing field: ip.proto
[ERROR] Parsing field: ip.checksum
[ERROR] Parsing field: ip.src
[ERROR] Parsing field: ip.addr
[ERROR] Parsing field: ip.src_host
[ERROR] Parsing field: ip.host
[ERROR] Parsing field: ip.dst
[ERROR] Parsing field: ip.dst_host
[ERROR] Parsing field: icmp.type
[ERROR] Parsing field: icmp.code
[ERROR] Parsing field: icmp.checksum
[ERROR] Parsing field: icmp.ident
[ERROR] Parsing field: icmp.seq
[ERROR] Parsing field: icmp.seq_le
[ERROR] Parsing field: icmp.data_time
[ERROR] Parsing field: icmp.data_time_relative
[ERROR] Parsing field: data
```

Thanks in advance. This looks like a super useful utility!