argus ppp traffic

CS Lee geek00l at gmail.com
Thu Apr 24 19:17:05 EDT 2014


hi Carter,

I downloaded the pcap from pcapr.net -

http://www.pcapr.net/view/tyson.key/2009/9/3/13/Teredo.pcap.html

And I run into a segfault when converting the packets into flows; it seems that
it is PPP-encapsulated traffic -

gdb /usr/local/stow/argus-3.0.7.5-debug/sbin/argus
GNU gdb (Ubuntu 7.7-0ubuntu3) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/stow/argus-3.0.7.5-debug/sbin/argus...done.
(gdb) run -r Teredo.pcap -w Teredo.arg3
Starting program: /usr/local/stow/argus-3.0.7.5-debug/sbin/argus -r Teredo.pcap -w Teredo.arg3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff6a81700 (LWP 22830)]
[New Thread 0x7ffff5df4700 (LWP 22831)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff5df4700 (LWP 22831)]
ArgusCreateIPv4Flow (model=model@entry=0x7ffff7e0f010, ip=0x0) at ArgusModeler.c:4076
4076       unsigned char *nxtHdr = (unsigned char *)((char *)ip + (ip->ip_hl << 2));
(gdb) where
#0  ArgusCreateIPv4Flow (model=model@entry=0x7ffff7e0f010, ip=0x0) at ArgusModeler.c:4076
#1  0x000000000040cac1 in ArgusCreateFlow (model=model@entry=0x7ffff7e0f010,
    ptr=ptr@entry=0x66ad44, length=length@entry=89) at ArgusModeler.c:1861
#2  0x000000000040d3bd in ArgusProcessIpPacket (model=0x7ffff7e0f010,
    ip=ip@entry=0x66ad44, length=length@entry=89, tvp=tvp@entry=0x7ffff5df3a40)
    at ArgusModeler.c:1675
#3  0x000000000040e17b in ArgusPppPacket (user=0x7ffff5e76010 "", h=0x7ffff5df3b30,
    p=0x66ad40 "\377\003") at ArgusSource.c:3229
#4  0x00007ffff7bb8b71 in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#5  0x00000000004138a4 in ArgusGetPackets (arg=0x7ffff5e76010) at ArgusSource.c:4113
#6  0x00007ffff7986182 in start_thread (arg=0x7ffff5df4700) at pthread_create.c:312
#7  0x00007ffff719430d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111


-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.com.my