ARGUSBug - Argus Seg Faults When Analyzing Wireless PCAP File

Carter Bullard carter at qosient.com
Sat Feb 2 00:59:43 EST 2008


Hey Mathew,
Thanks for the packet file, that is the best way to fix a problem!!!!
The 802.11 support is kinda new, so not surprised we've got a gotcha.
I'll try to fix this over the weekend.

Carter

Mathew Brown wrote:
>> Description:
>>     
> 	
> Argus Seg Faults When Analyzing Wireless PCAP File
>
> I ran into a pcap file when reading the article: "Wireless Forensics:
> Tapping the Air - Part Two" -
> http;//www.securityfocus.com/print/infocus/1885.  The actual pcap file
> can be downloaded directly from here:
> http://www.raulsiles.com/downloads/VoIP_roaming_session.zip  After
> unzipping, running:
>
> argus -r merged_voip_roaming_session.pcap -w
> merged_voip_roaming_session.pcap.argus
>
> would give me the error:
>
> Segmentation Fault
>
>   
>> How-To-Repeat:
>>     
>
>    See Description
>
>   
>> Fix:
>>     
>    
>    None that I know of.
>
>   
>> Submitter-Id:  None
>> Originator:    mathewbrown at fastmail.fm
>> Organization:	None
>> ARGUS support: none
>> Release:       argus-3.0
>> Product:       argus
>> Synopsis:      Argus Seg Faults When Analyzing Wireless PCAP File
>> Class:	        sw-bug
>> Severity:      non-critical
>> Priority:      low/medium
>>     
>
>   
>> Environment:   <machine, os, target, libraries (multiple lines)>
>>     
>
> System:  Linux deb 2.6.22-grml #1 SMP PREEMPT Tue Jul 10 00:35:57 CEST
> 2007 i686 GNU/Linux
>
>
> Paths:    /usr/local/sbin/argus /usr/local/bin/ra /usr/bin/make
> /usr/bin/gcc
>
> ARGUS:   Argus Version 3.0.0
> RA:      Ra Version 3.0.0.rc.68
>
>
> GCC:     Using built-in specs.
> Target: i486-linux-gnu
> Configured with: ../src/configure -v
> --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr
> --enable-shared --with-system-zlib --libexecdir=/usr/lib
> --without-included-gettext --enable-threads=posix --enable-nls
> --with-gxx-include-dir=/usr/include/c++/4.1.3 --program-suffix=-4.1
> --enable-__cxa_atexit --enable-clocale=gnu --enable-libstdcxx-debug
> --enable-mpfr --enable-checking=release i486-linux-gnu
> Thread model: posix
> gcc version 4.1.3 20080114 (prerelease) (Debian 4.1.2-19)
>
> LIBC:    
> lrwxrwxrwx 1 root root 11 2007-12-14 13:55 /lib/libc.so.6 -> libc-2.7.so
> -rwxr-xr-x 1 root root 1356012 2007-12-07 11:38 /lib/libc-2.7.so
> -rw-r--r-- 1 root root 3030784 2007-12-07 11:39 /usr/lib/libc.a
> -rw-r--r-- 1 root root 238 2007-12-07 11:11 /usr/lib/libc.so
>
> PS.  I had trouble sending the report using argusbug due to SMTP being
> unavailable, so I'm sending it via web mail.  I also tried running it
> through argus on my Fedora 8 box and it would also seg fault.
>   



More information about the argus mailing list