[Openpacket-users] Tshark Protocol Hierarchy Statistics output
From: Richard B. <tao...@gm...> - 2008-04-08 13:02:49
Hello OpenPacket.org users,

I've noticed uploads containing Tshark output that is not formatted as expected. When we request Tshark output we mean the output of the following command:

tshark -q -z io,phs -r yourtrace.pcap

This produces output like the following:

Protocol Hierarchy Statistics
Filter: frame

frame frames:26084 bytes:8187014
eth frames:26084 bytes:8187014
ip frames:26084 bytes:8187014
tcp frames:26077 bytes:8186206
http frames:2095 bytes:474251
data-text-lines frames:91 bytes:27088
http frames:6 bytes:1571
media frames:11 bytes:2605
http frames:2 bytes:292
tcp.segments frames:1812 bytes:1015592
http frames:1812 bytes:1015592
data-text-lines frames:1804 bytes:1013636
message-http frames:2 bytes:378
udp frames:4 bytes:618
nbns frames:3 bytes:276
data frames:1 bytes:342
icmp frames:3 bytes:190

We do not produce this output automatically on the server because it exposes us to compromise. The next time someone finds a vulnerability in a Wireshark protocol dissector, someone could craft a malicious trace, upload it, and exploit the server's Tshark program. We prefer to have users generate Tshark output.

At this very moment moderators do not have the capability to reformat Tshark output for traces in the pending queue, so I will have to reject them for now. In the future moderators should be able to generate their own Tshark PHS to accompany the trace.

Thank you,

Richard
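One way a server could check that a submitted report has the shape of `tshark -q -z io,phs` output without ever running Tshark on the uploaded trace, as an added example that is not part of the original message or OpenPacket.org's code. `parse_phs`, `is_valid_phs` and the sample inputs are hypothetical, and the two-space indent per hierarchy level is an assumption about Tshark's layout.

```python
import re

# Row: indent (assumed 2 spaces per hierarchy level), protocol name, counters.
# The narrow character class also keeps markup out of text that will be displayed.
ROW = re.compile(r"^( *)([A-Za-z0-9_.-]+) +frames:(\d+) +bytes:(\d+)$")

def parse_phs(text):
    """Return [(depth, protocol, frames, bytes)] or raise ValueError."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # Drop blank lines and the '=====' rulers newer Tshark versions print.
    lines = [ln for ln in lines if ln and set(ln) != {"="}]
    if len(lines) < 3 or lines[0] != "Protocol Hierarchy Statistics":
        raise ValueError("missing 'Protocol Hierarchy Statistics' header")
    if not lines[1].startswith("Filter:"):
        raise ValueError("missing 'Filter:' line")
    rows, prev_depth = [], -1
    for ln in lines[2:]:
        m = ROW.match(ln)
        if m is None or len(m.group(1)) % 2:
            raise ValueError("malformed row: %r" % ln)
        depth = len(m.group(1)) // 2
        if depth > prev_depth + 1:
            raise ValueError("row skips a hierarchy level: %r" % ln)
        rows.append((depth, m.group(2), int(m.group(3)), int(m.group(4))))
        prev_depth = depth
    if rows[0][:2] != (0, "frame"):
        raise ValueError("hierarchy must start at 'frame'")
    return rows

def is_valid_phs(text):
    try:
        parse_phs(text)
        return True
    except ValueError:
        return False

# Constructed sample inputs (not taken from any real trace).
GOOD = """Protocol Hierarchy Statistics
Filter: frame

frame                                    frames:10 bytes:1200
  eth                                    frames:10 bytes:1200
    ip                                   frames:10 bytes:1200
      tcp                                frames:8 bytes:1000
        http                             frames:3 bytes:600
      udp                                frames:2 bytes:200
"""
# A packet listing (plain 'tshark -r') instead of the statistics report.
BAD = "  1   0.000000 192.0.2.1 -> 192.0.2.2 TCP 1025 > 80 [SYN] Seq=0\n"
```

The check only parses text, so a malformed or hostile submission costs a regex match rather than a dissector run.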