ARGUSBug - Argus Seg Faults When Analyzing Wireless PCAP File

Carter Bullard carter at qosient.com
Sat Feb 2 18:44:18 EST 2008


Hey Mathew,
The problem was we didn't have support for the Prism wireless headers
that the packet capture file used.  It's now in there and I've uploaded a new
argus-3.0.0.tar.gz, so give that a try.

I have some additional work to get the beacons to be in a flow all their
own, so it's not complete, but argus will read those files now.

Carter



On Feb 1, 2008, at 12:05 AM, Mathew Brown wrote:

>> Description:
> 	
> Argus Seg Faults When Analyzing Wireless PCAP File
>
> I ran into a pcap file when reading the article: "Wireless Forensics:
> Tapping the Air - Part Two" -
> http://www.securityfocus.com/print/infocus/1885.  The actual pcap file
> can be downloaded directly from here:
> http://www.raulsiles.com/downloads/VoIP_roaming_session.zip  After
> unzipping, running:
>
> argus -r merged_voip_roaming_session.pcap -w merged_voip_roaming_session.pcap.argus
>
> would give me the error:
>
> Segmentation Fault
>
>> How-To-Repeat:
>
>   See Description
>
>> Fix:
>
>   None that I know of.
>
>> Submitter-Id:  None
>> Originator:    mathewbrown at fastmail.fm
>> Organization:	None
>> ARGUS support: none
>> Release:       argus-3.0
>> Product:       argus
>> Synopsis:      Argus Seg Faults When Analyzing Wireless PCAP File
>> Class:	        sw-bug
>> Severity:      non-critical
>> Priority:      low/medium
>
>> Environment:   <machine, os, target, libraries (multiple lines)>
>
> System:  Linux deb 2.6.22-grml #1 SMP PREEMPT Tue Jul 10 00:35:57 CEST
> 2007 i686 GNU/Linux
>
>
> Paths:    /usr/local/sbin/argus /usr/local/bin/ra /usr/bin/make
> /usr/bin/gcc
>
> ARGUS:   Argus Version 3.0.0
> RA:      Ra Version 3.0.0.rc.68
>
>
> GCC:     Using built-in specs.
> Target: i486-linux-gnu
> Configured with: ../src/configure -v
> --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr
> --enable-shared --with-system-zlib --libexecdir=/usr/lib
> --without-included-gettext --enable-threads=posix --enable-nls
> --with-gxx-include-dir=/usr/include/c++/4.1.3 --program-suffix=-4.1
> --enable-__cxa_atexit --enable-clocale=gnu --enable-libstdcxx-debug
> --enable-mpfr --enable-checking=release i486-linux-gnu
> Thread model: posix
> gcc version 4.1.3 20080114 (prerelease) (Debian 4.1.2-19)
>
> LIBC:
> lrwxrwxrwx 1 root root 11 2007-12-14 13:55 /lib/libc.so.6 -> libc-2.7.so
> -rwxr-xr-x 1 root root 1356012 2007-12-07 11:38 /lib/libc-2.7.so
> -rw-r--r-- 1 root root 3030784 2007-12-07 11:39 /usr/lib/libc.a
> -rw-r--r-- 1 root root 238 2007-12-07 11:11 /usr/lib/libc.so
>
> PS.  I had trouble sending the report using argusbug due to SMTP being
> unavailable, so I'm sending it via web mail.  I also tried running it
> through argus on my Fedora 8 box and it would also seg fault.
> -- 
>  Mathew Brown
>  mathewbrown at fastmail.fm
>
> -- 
> http://www.fastmail.fm - The professional email service
>
>
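
An added example relating to the cause given in the reply above (not code from Argus): a reader that checks the pcap link type and the captured length before locating the 802.11 frame, so an unsupported link type or a short packet is reported rather than parsed. The function names and the fixed 144-byte Prism header length are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DLT_IEEE802_11    105  /* bare 802.11 frames */
#define DLT_PRISM_HEADER  119  /* Prism monitor header, then 802.11 */
#define PRISM_HDR_LEN     144  /* assumption: fixed-size Prism header */

/* Read a 32-bit field in the capture file's byte order. */
static uint32_t rd32(const uint8_t *p, int be)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v = (v << 8) | p[be ? i : 3 - i];
    return v;
}

/* Link type from a classic 24-byte pcap file header, or -1 if the buffer
 * is too short or the magic number is not recognised. */
long pcap_linktype(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 24) return -1;
    if (rd32(buf, 1) == 0xa1b2c3d4u)
        return (long)rd32(buf + 20, 1);
    if (rd32(buf, 0) == 0xa1b2c3d4u)
        return (long)rd32(buf + 20, 0);
    return -1;
}

/* Offset of the 802.11 frame in one packet, or -1 (caller skips the packet)
 * when the link type is unsupported or caplen is shorter than the header. */
long dot11_offset(long linktype, size_t caplen)
{
    switch (linktype) {
    case DLT_IEEE802_11:   return 0;
    case DLT_PRISM_HEADER: return caplen >= PRISM_HDR_LEN ? PRISM_HDR_LEN : -1;
    default:               return -1;
    }
}

int main(void)
{
    /* Constructed little-endian pcap file header, link type 119. */
    const uint8_t hdr[24] = { 0xd4, 0xc3, 0xb2, 0xa1, 2, 0, 4, 0, 0, 0, 0, 0,
                              0, 0, 0, 0, 0xff, 0xff, 0, 0, 119, 0, 0, 0 };
    long lt = pcap_linktype(hdr, sizeof hdr);
    printf("linktype=%ld offset=%ld\n", lt, dot11_offset(lt, 200));
    return 0;
}
```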



