Hello OpenPacket.org users,
I've noticed uploads containing Tshark output that is not formatted as expected.
When we request Tshark output we mean the output of the following command:

    tshark -q -z io,phs -r yourtrace.pcap

This produces output like the following:

    Protocol Hierarchy Statistics
    Filter: frame
    frame frames:26084 bytes:8187014
    eth frames:26084 bytes:8187014
    ip frames:26084 bytes:8187014
    tcp frames:26077 bytes:8186206
    http frames:2095 bytes:474251
    data-text-lines frames:91 bytes:27088
    http frames:6 bytes:1571
    media frames:11 bytes:2605
    http frames:2 bytes:292
    tcp.segments frames:1812 bytes:1015592
    http frames:1812 bytes:1015592
    data-text-lines frames:1804 bytes:1013636
    message-http frames:2 bytes:378
    udp frames:4 bytes:618
    nbns frames:3 bytes:276
    data frames:1 bytes:342
    icmp frames:3 bytes:190

We do not produce this output automatically on the server because it
exposes us to compromise. The next time someone finds a vulnerability
in a Wireshark protocol dissector, someone could craft a malicious
trace, upload it, and exploit the server's Tshark program. We prefer
to have users generate Tshark output.
At this very moment moderators do not have the capability to reformat
Tshark output for traces in the pending queue, so I will have to
reject them for now. In the future moderators should be able to
generate their own Tshark PHS to accompany the trace.
Thank you,
Richard
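
A server can confirm that an upload really is io,phs output by parsing the submitted text itself, which never runs a Wireshark dissector on the trace. The sketch below is an added example, not part of the original message or of OpenPacket.org's code; the function names, the two-space indent step and the line limit are assumptions, and both sample inputs are constructed (the first reuses counts from the output above).

```python
import re

# One statistics row, e.g. "      tcp frames:26077 bytes:8186206".
ROW = re.compile(
    r"^(?P<indent> *)(?P<proto>[A-Za-z0-9_.:-]+)\s+"
    r"frames:(?P<frames>\d+)\s+bytes:(?P<bytes>\d+)$"
)

def parse_phs(text, max_lines=2000):
    """Parse `tshark -q -z io,phs` text into (depth, proto, frames, bytes) rows.

    Raises ValueError if the text is not PHS output. Only text is handled
    here; the capture file itself is never opened.
    """
    lines = [l.rstrip() for l in text.splitlines()]
    # Drop blank lines and the "=====" rules tshark prints around the report.
    lines = [l for l in lines if l.strip() and set(l.strip()) != {"="}]
    if len(lines) > max_lines:
        raise ValueError("too many lines")
    if len(lines) < 3 or lines[0].strip() != "Protocol Hierarchy Statistics":
        raise ValueError("missing 'Protocol Hierarchy Statistics' header")
    if not lines[1].strip().startswith("Filter:"):
        raise ValueError("missing 'Filter:' line")
    rows = []
    for line in lines[2:]:
        m = ROW.match(line)
        if not m:
            raise ValueError(f"not a PHS row: {line[:60]!r}")
        # Assumption: two spaces per nesting level; flattened text gives depth 0.
        depth = len(m["indent"]) // 2
        rows.append((depth, m["proto"], int(m["frames"]), int(m["bytes"])))
    _, root, total_frames, total_bytes = rows[0]
    if root != "frame":
        raise ValueError("first row must be 'frame'")
    for _, proto, frames, nbytes in rows:
        if frames > total_frames or nbytes > total_bytes:
            raise ValueError(f"{proto} exceeds the frame totals")
    return rows

def is_valid_phs(text):
    try:
        parse_phs(text)
        return True
    except ValueError:
        return False

# Constructed samples: well-formed PHS text, and a plain packet listing.
SAMPLE_OK = """Protocol Hierarchy Statistics
Filter: frame
frame frames:26084 bytes:8187014
  eth frames:26084 bytes:8187014
    ip frames:26084 bytes:8187014
      tcp frames:26077 bytes:8186206
"""
SAMPLE_BAD = "1 0.000000 192.0.2.1 -> 192.0.2.2 TCP 74 [SYN] Seq=0\n"
```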