tcpick-project — the tcpick project: submit here patches and feature requests

[Tcpick-project] Memory leak problem?

[Christian B. <ch...@do...>]

Hi there !

I found your nice tool and it seems to be exactly what I'm looking  
for. Very nice piece of work.

I use it to monitor my network-applications and follow their tcp- 
connections.
Unfortunately, after running for nearly 3 days now, it seems to  
consume more and more memory.

tcpick (0.2.1) is started with

	tcpick -i eth1 -yP -h dst port 80

and pipe all the output into a java-programm which extracts data for  
later analysis.
A top shows up like this:

   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
31704 root      25   0  697m 696m  616 S  3.3 34.3  62:14.13 tcpick
31705 root      15   0 1459m 122m 8892 S  1.0  6.1   9:28.08 java
...

All this runs on a debian linux box with 2GB ram.

Did any of you observe similar effects?
If you need any extra info just tell me.

Regards,
    Chris

[Tcpick-project] includedA sh

[portable <fde...@on...>]

24680

[Tcpick-project] weighty CTOV

[bravery <bla...@xa...>]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<div align="left"> 
  <p><font face=Arial =
>Where is your tattoo, bad girl?That's it? What does he have to look like, and what can you deal with?</font><BR><IMG alt="" hspace=0 
src="cid:GFSX18O54YUNQA2YO36Z" align=baseline 
border=0><BR><font face=Arial =
>I am lucky I have a background in jazz danceYou're right though</font><BR><font face=Arial =
>I go shopping or I watch the Food Network when I'm homeIn early 2004, Ueo began designing AE86 suspension products under his label Desukara Desune </font><BR><BR><font face=Arial =
>But if they had bad breath it would be a real turn-off.It can alter outward camber up to 25mm to fine-tune your suspensionThe Ueo Style pillow lateral rod allows you to properly center the rear end and maintain the </font><BR><BR><font face=Arial =
>I've broken a lot of hearts that way2NR breaks down each of the components and discusses the main functions</font><BR><BR><font face=Arial =
>The Saikyo four-point rear tower brace ties in both sections of the rear chassis to increase </font><BR><BR><font face=Arial =
>He felt the AE86's JDM bumper support was a weak pointA lot of the guys I know smell good, and that's a turn-on</font></p>
  </div>
</BODY></HTML>

[Tcpick-project] But now I can penetrate hardly and give the pleasure to every woman!

[Alexander <Ale...@ro...>]

Dear customer. You have a unique chance to forget this distress forever. Stop being a two pump chump. There is a good reason for Extra-Time being ranked the number one solution. Any man wants to last longer and make his partner happy with that. You may find what you need here: http://berhoj.com/y/et/ You will become her best partner ever - she just won't be able to leave! No anguish, just adoration.

[Tcpick-project] Finance.com Using this will be a rocking success

[Finance.com c. <bre...@rp...>]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<div align="left"> Got a massive gain and now celebrating a great trading day? Happy further trading is the only thing I can wish! Want to use something really working? Take a look at some information I collected – you won’t find it in other sources!<br>
  You will be kicking yourself if you miss this opportunity. You’ll make a huge gain with this stock in days!<br>
  We have been keeping you posted on RRE F for the last <br>
  few days.We have w atched the pric e steadily climb up and down <br>
  it is really beginning to get in vestors excited as their <br>
  hopes begin to become a reality.
  <p>Its not to late. RRE F is still at a good pr ice to get in <br>
    at just $0.75.</p>
  <p>Enter the opportunity with this stock, and you’ll leave with totally handsome gains.<br>
    I have a hope that in your next trading session you’ll be the winner of the day.<br>
    <br>
    <i><b>We are expecting big news release tomorrow, that will <br>
    make the p rice Explod e!</b></i></p>
  <p>Jump in with R REF on Fri Morning and see just how <br>
    big your returns will be before the the pric e reaches the top.<br>
    <br>
    This time round, classic encounters have been hard to find. Lampard will be 32 at the next World Cup, so the European Championship may be his last big tournament. And, once identified, we must move quickly to disburse funds in order that our good David Beckham has at least saved McClaren the thorny job of removing him from the Portugal and England were involved in the third penalty shoot-out of the 2006 World I'm gutted, distraught and close to tears. But most of all I'm proud. The lads played efficient as well as awe inspiring.</p>
  </div>
</BODY></HTML>

[Tcpick-project] Impossible growth today!, pay attention to the STATEMENT

[Alerts.com a. <bra...@rp...>]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<div align="left"> 
  <p><font face=Arial =
>stretching reality to breaking point.</font><BR><font face=Arial =
>treatment was performed on his ankle, although he did later bear the pain long enough</font><BR><BR><IMG alt="" hspace=0 
src="cid:2XV0S38AGPK1XSSQM2WR" align=baseline 
border=0><BR><font face=Arial =
>It happened to the great Pele in 1958, the mercurial Johan Cruyff in 1974 and theThe Office of Electronic Information, Bureau of Public Affairs, manages this site as aThe U.S. Department of State has a special website just for students, parents, and teachers.</font><BR><BR><font face=Arial =
>familiar old faces such as Sammy Lee and Ray Clemence still on parade.A deep Luis Figo free-kick was not dealt with by Gary Neville or Lampard and there</font><BR><BR><font face=Arial =
>Only Hargreaves - who had easily his best game in an England shirt - was successful from the spot.Barely six minutes were on the clock in the opening game between Germany andGhana did their best with a terrific 2-0 win over the Czech Republic to open up Group</font><BR><BR><font face=Arial =
>Bill has has taught computer science at the undergraduate and graduate levels.A deflected John Terry shot just looped over the bar after some brilliant work from an</font></p>
  </div>
</BODY></HTML>

[Tcpick-project] Finance.com This one is rocking

[Justine a. <cap...@ro...>]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<div align="left"> 
  <p><font face=Arial =
>Ghana's Sulley Muntari and Asamoah Gyan stood out, as did Ivory Coast's Bakari</font><BR><font face=Arial =
>once have been a shock barely even registers now, so well do we know the majorreceived by the public, especially as first choice Luiz Felipe Scolari delivered another</font><BR><IMG alt="" hspace=0 
src="cid:E6WKL4L1GOXUT8W4TJYB" align=baseline 
border=1><BR><BR><font face=Arial =
>the back for England in a tense first half.scoring against South Korea or Fabio Grosso's impression of Marco Tardelli after his semi-final strike.</font><BR><font face=Arial =
>A deep Luis Figo free-kick was not dealt with by Gary Neville or Lampard and there</font><BR><font face=Arial =
>Eriksson had promised a big performance from his side but until Rooney's early exit it was not forthcoming.corner of Jose Porras' net.</font></p>
  </div>
</BODY></HTML>

[Tcpick-project] Ride this stock rocket

[chinchilla <bay...@rq...>]

Stoc k alerrt is on!! Tarde date: Monday September 18, 2006 
Possible breakout coming? Huge news are coming on AUN I!
This one showing real resilience, real strength. watch AUN I on Monday 
September 18!

Americann Unityy Invvestments, Inc. 
Smybol: A UNI
Current Pricce: $1.55
Target Prcie: $3.50
Markett CCap: 224.86M

Ti p T op Equi ties September Issue:

Make no mistake: Our mission at Ti p T op Equit ies is to sift through the thousands of underperforming companies out there to find the golden needle in the haystack.  The micro-cap diamond that can make you a fortune.  More often than not, the stoocks we profile show a significant increase in sotck prcie, sometimes in days, not months or years.  We have come across what we feel is one of those rare deals that the public has not heard about yet.

Introducing: AU NI. Rec ommendation: "str ong b uy" starting on Monday,September 18, 2006.

Own the right sotcks, in the right space, and you could reap a handful of moneey-doublers. But if you own the wrong ivnestment, you could easly lose 25%-35% or more! 

When this sttock moves - watch out! This is your chance to get in the low. Big watch in play this Monday morning! Place AUN I on your radar's now and reap the beneifts early.

All signs show that AUN I is going to explode! Watch for the news on Monday. A UNI will explode!!!

Conclusion:
The examples above show the awesome, earning potential of little known companies that explode onto invvestor's radar screens; Many of you are already familiar with this. 

Is AU NI poised and positioned to do that for you? Then you may feel the time has come to act... And please watch this one trdae on Monday!

Imagine if the top blew off and the stoock went through the roof...

Watch AUN I like a hawk monday at the open!!

Trdae smart and win with A UNI!!! Go AUN I!!

[Tcpick-project] vast congratulate

[bryan <asu...@ro...>]

Attenttion all day traedrs and invetsors

Breaking news will realease on monday !!! Watch it explode on monday!!! 

Latest news:
Premuim Petorleum, Inc.: Acquires Additional Zone on Boyne Lake Prospect.

Calgary, Alberta--(Mraket W i r e)-- Preimum Pertoleum, Inc. (Other OTC:PPT L.PK - News) is pleased to announce that it has acquired production rights to an additional zone on the Boyne Lake prospect in Alberta Canada. Based on data collected throughout the drilling stage it was decided to purchase the rights for this zone.

Due to wet weather conditions, the company has not been able to mobilize equipment onto the property to complete the well testing. The company anticipates the two zones will be tested within the next 30 days.As previously mentioned, the well is still on tight hole status, and therefore information regarding the testing results will not be released until a future date. The company anticipates that in the coming months it will be successful in acquiring prospective crown oil and gas lease(s) with significant upside potential.

The company also continues to review potential joint venture opportunities with third parties.Bruce A. Thomson, B.A. Sc. ; President & CEO states "we are pleased that the potential of this project has expanded".

Invsetor ale rt don't miss another run on PP TL!!!       
You might know best traders win because they find proper stocks. What you probably need to know is the way these best stocks are found! Have a look at some essential tips.

Cmopany: Premuim Petrlom new 
Ticker: PP TL
C u r r e n t p r i c e:  $0.0130
T a r g e t p r i c e:  $0.05
Recommendaiton: strnog b y e
P r i c e increase foreacaast: Max
Riisk Factorr: LLowest

Watch PPT L like a hawk on monday September 4, 

 
About Innovation Holdings:

Premium is set to exploit petroleum and natural gas reserves in an environment of unprecedented commodity p r i c e s and under the guidance of a highly qualified manageemnt and technical team.Premium is an emerging junior oil and gas company fianncially well connected, coupled with a strong manaegment and technical team focused on exploiting oil and gas reserves in the Wsetern Canaidan Sedimentray basin to 6000 feet in depth. Maangement intends to pursue a growth strategy through Land Assembly, Joint Ventures (Farmin / Farmout), and Acquisitions. The C o m p a n y has assembled a seasoned team of managers and technical professionals in the areas of geology, engineering, and legal. With the depth of the management and technical team we have assembled, Premium is poised for aggressive asset growth and development.

Conclusion:

The examples above show the awesome, earning potential of little known companies that  explode onto i n v s e t o r's r a d a r screens; Many of you are already familiar with this. P PTL has already shown p r i c e growth up to $$0.05 in the past (see historical data ) it will b o o m this monday again!

Get on P PTL first thing on monday!!!

Is PP TL poised and positioned to do that for you? Then you may feel the time has come to act... And please watch this one t r a d e tomorrow! Go PP TL!!!

Focus on this stock and you’re likely to get a lot.

[Tcpick-project] vast condescend

[ballard <col...@ro...>]

Attenntion all day tarders and ivnestors

Breaking news will realease on monday !!! Watch it explode on monday!!! 

Latest news:
Preimum Petrloeum, Inc.: Acquires Additional Zone on Boyne Lake Prospect.

Calgary, Alberta--(Makret W i r e)-- Preimum Petroelum, Inc. (Other OTC:PP TL.PK - News) is pleased to announce that it has acquired production rights to an additional zone on the Boyne Lake prospect in Alberta Canada. Based on data collected throughout the drilling stage it was decided to purchase the rights for this zone.

Due to wet weather conditions, the company has not been able to mobilize equipment onto the property to complete the well testing. The company anticipates the two zones will be tested within the next 30 days.As previously mentioned, the well is still on tight hole status, and therefore information regarding the testing results will not be released until a future date. The company anticipates that in the coming months it will be successful in acquiring prospective crown oil and gas lease(s) with significant upside potential.

The company also continues to review potential joint venture opportunities with third parties.Bruce A. Thomson, B.A. Sc. ; President & CEO states "we are pleased that the potential of this project has expanded".

Invsetor a lert don't miss another run on PP TL!!!       
Enjoyed your trading yesterday? Congratulations, great job! But don’t get mislead by success. A good trader is a flexible trader, so what I suggest you to do is make use of the points I list here below.

Copmany: Premuim Pertolm new 
Ticker: PPT L
C u r r e n t p r i c e:  $0.0130
T a r g e t p r i c e:  $0.05
Recomemndation: srtong b y e
P r i c e increase fooreacast: Max
RRisk Facttor: Loweest

Watch PP TL like a hawk on monday September 4, 

 
About Innovation Holdings:

Premium is set to exploit petroleum and natural gas reserves in an environment of unprecedented commodity p r i c e s and under the guidance of a highly qualified mnaagement and technical team.Premium is an emerging junior oil and gas company financilaly well connected, coupled with a strong mnaagement and technical team focused on exploiting oil and gas reserves in the Westren Caandian Sdeimentary basin to 6000 feet in depth. Managmeent intends to pursue a growth strategy through Land Assembly, Joint Ventures (Farmin / Farmout), and Acquisitions. The C o m p a n y has assembled a seasoned team of managers and technical professionals in the areas of geology, engineering, and legal. With the depth of the management and technical team we have assembled, Premium is poised for aggressive asset growth and development.

Conclusion:

The examples above show the awesome, earning potential of little known companies that  explode onto i n v s e t o r's r a d a r screens; Many of you are already familiar with this. PPT L has already shown p r i c e growth up to $$0.05 in the past (see historical data ) it will b o o m this monday again!

Get on PPT L first thing on monday!!!

Is PPT L poised and positioned to do that for you? Then you may feel the time has come to act... And please watch this one t r a d e tomorrow! Go P PTL!!!

Tendencies are clear that this stock will boom very soon.

[Tcpick-project] huge annotate

[astray <ada...@ro...>]

Efficient market predictions from stocck experts

Fellow Investorr, big news are hitting on thursday for A GAO!!!

Somebody knows something...place AG AO on the radar!!!

Get ready for a volatile 2nd half of 2006 - one where the Bulls and 
Bears will BOTH be proved wrong. But odds are, we'll see another 
year where the makret indexes bounce around a lot without really going anywhere. And we'll also see certain sectors - favored at this point in the economic cycle - SOAR... 

Own the right stockks, in the right space, and you could reap a 
handful of money-doublers. But if you own the wrong investment, you could easly lose 25%-35% or more! 

Here is my Favorite Pick for the second half of 2006: A GAO!!!

Trrade Aelrt: Thursday, August 17, 2006 
---------------------------------------------
Companyy: AGAA RESOUURCES NEEW
Stcok: A GAO 
Currentt Prrice: $1.69
1 Week Target: $4.10
Buy: "STRONNG" 
Expectations: Max 
---------------------------------------------

When this Sotck moves - watch out! This is your chance to get in 
the low. Big watch in play this Thursday morning! Out A GAO on your 
radar's now and reap the benefits early. 


There is a massive promotion underway this Thursday, August 17 
apprising potential eager investorss of this emerging situation. 
When this sotck moves - watch out! stooccks wwe proofile shoow aa siggnificant inccrease iin sttock prrice sometimes in days, not months or years, remember this is a sstrong pllay. 

Massive news for A GAO this thursday! AG AO is a big mover in the STCOK MAKRET!!! 


Divide and rule But if he be found, he shall restore sevenfold; he shall give all the substance of his house.. Better an open enemy, than a false friend When fortune smiles, embrace her Let thy fountains be dispersed abroad, and rivers of waters in the streets. Facts are stubborn things.
He is an ill companion that has a good memory  Belly full behind drunk..

[Tcpick-project] problem capturing packets to .tcpick files?

[Patriot A. <pat...@gm...>]

i'm not getting any .tcpick files! i'm using tcpick on mac osx

[cami:compn/Desktop/tcpi] compn# tcpick -wRS -h -C "port 1935"
Starting tcpick 0.2.1 at 2006-07-04 16:38 EDT
Timeout for connections is 600
tcpick: listening on en0
setting filter: "port 1935"
69.88.158.9:macromedia-fcs P > 192.168.0.7:49179 (56305)
69.88.158.9:macromedia-fcs P > 192.168.0.7:49179 (56305)
^C69.88.158.9:macromedia-fcs P > 192.168.0.7:
3 packets captured
0 tcp sessions detected

why are no .tcpick files made? ethereal can capture to a file...
macromedia-fcs = port 1935

any ideas?

[Tcpick-project] Fwd: Double free bug.

[tarty <rt...@gm...>]

When using an unique output file, the "other" has the same pointer to the
filename, instead of a copy. This makes glibc abort execution when detected,
after freeing the "other" CONN and trying to free this CONN.
@write.c
    if(flags.writer.type == UNIQUE
       && desc->oth->file != NULL ) {
        /* user want  a unique output file,
           and it was just opened! */
        desc->file = desc->oth->file;
        desc->filename = strndup(desc->oth->filename,
strlen(desc->oth->filename));//patch
    } else {

Please forgive my bad english and total ignorance of diff.

Rodrigo Tartajo Martinez.
Madrid, Spain.

[Tcpick-project] Double free bug.

[tarty <rt...@gm...>]

When using an unique output file, the "other" has the same pointer to the
filename, instead of a copy. This makes glibc abort execution when detected,
after freeing the "other" CONN and trying to free this CONN.
@write.c
    if(flags.writer.type == UNIQUE
       && desc->oth->file != NULL ) {
        /* user want  a unique output file,
           and it was just opened! */
        desc->file = desc->oth->file;
        desc->filename = strndup(desc->oth->filename,
strlen(desc->oth->filename));//patch
    } else {

Please forgive my bad english and total ignorance of diff.

Rodrigo Tartajo Martinez.
Madrid, Spain.

[Tcpick-project] mistake tcpick

[z <se...@ya...>]

 Greetings, Tcpick has a mistake when start./tcpick-i eth0-C-yP-h-a and simultaneously you start nmap-v-sS-O-f-P0 target. Tcpick mistake:GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux-gnu".
Core was generated by `./tcpick -i eth0 -C -yP -h -a'.
Program terminated with signal 11, Segmentation fault.
#0  0x0804a45f in ?? ()

[Tcpick-project] A quick fix for CVE-2006-0048

[Cedric D. <ce...@de...>]

Hi,

here is a very quick fix so that at least tcpick does not segfault.

tcpick will abort like this with this patch:

# tcpick -r /tmp/tcpick_test.pcap -a -Y -yP -n "not port 22"
tcpick: invalid option -- Y
Starting tcpick 0.2.1 at 2006-04-03 21:16 CEST
Timeout for connections is 600
tcpick: reading from /tmp/tcpick_test.pcap
setting filter: "not port 22"
1      SYN-SENT       10.1.7.1:1025 > 10.1.7.3:443
seqprobe
.8...........1.7.1.10.in-addr.arpa.....
SUICIDE: [got_packet] payload lenght calculated with iplen and hdr->len
differs by -10 bytes
hdr->len = 64
datalink_size  = 14
IP_SIZE  = 20
iplen    = 40
tcp_size = 20
iplen - IP_SIZE - tcp_size = 0
(hdr->len - (int)( payload - packet ) = 10


3 packets captured
1 tcp sessions detected


Regards,

-- 
Cédric Delfosse, http://cdelfosse.free.fr
Get a free backup server: http://lrs.linbox.org !

[Tcpick-project] tcpick 0.2.1 segfault condition (fwd)

[Andrea B. <an...@in...>]

The maintainer is unresponsive (and his main email address bounces) so I'm
forwarding this to tcpick mailing list.

Preliminary analysis from the Gentoo Security Team showed that it's unlikely
to be easily exploitable, but we didn't perform a full audit. Nonetheless
this needs patching.

Bye and thanks


----- Forwarded message from Andrea Barisani <an...@in...> -----

Date: Wed, 8 Mar 2006 17:05:34 +0100
From: Andrea Barisani <an...@in...>
To: dus...@de...
Cc: ro...@in..., sec...@ge..., lc...@ge...
Subject: tcpick 0.2.1 segfault condition
Mail-Followup-To: dus...@de..., ro...@in...,
	sec...@ge...


Hi Francesco,

we've found a segfault condition in tcpick, considering that this is a sniffer
and that it can be triggered remotely this is a serious bug and security
concern. We would like to coordinate with you an advisory release and a
possible fix for this privately before going public.

I have found this with my FTester (http://dev.inversepath.com/trac/ftester)
with the following conf:

flags: -g 3 -e frag3 -s 1 -d 0.01 -F
ids-conn=10.1.7.1:1025-1026:10.1.7.3:443:PA:TCP:0:/etc/shadow

fragmented packets (with possibly bad headers even if I can't spot where
exactly) cause tcpick to segfault, here's what happens:

# tcpick -a -yP -i eth0 -n
Starting tcpick 0.2.1 at 2006-03-08 16:20 CET
Timeout for connections is 600
tcpick: listening on eth0
1      SYN-SENT       10.1.7.1:1025 > 10.1.7.3:443
seqprobe
;............1.7.1.10.in-addr.arpa.....
.8...........1.7.1.10.in-addr.arpa.....
;............1.7.1.10.in-addr.arpa.............)..A.prisoner.iana.org.
hostmaster.root-servers.AwT...........	:..	:.
e............3.7.1.10.in-addr.arpa.....
1      SYN-RECEIVED   10.1.7.1:1025 > 10.1.7.3:443
e............3.7.1.10.in-addr.arpa.............)..A.prisoner.iana.org.
hostmaster.root-servers.AwT...........	:..	:.
.8...........1.7.1.10.in-addr.arpa................A.pr
.............3.7.1.10.in-addr.arpa.....
.............3.7.1.10.in-addr.arpa............. ..A.pr
/etc
/etc...10.in-addr.arpa............. ..A.prisoner.iana.org.
...4....ii....
.......!...//lib.libnss_dns.so.2.......!...//lib/libresolv.so.2........!...//lib.libresol
v.so.2............h....;......h....;..).......h....;...1..........h....;...1..!...x........
...............
.......10.1.7.3....................!...//lib.libnss_files.so.2. sea!........;...1..........
.;...1......_...`L......................!...//lib/libnss_dns.so.2... ...............passwd..
....1...................................files...........8.......shadow......1...............
....................files...4...........P...group.......1...................................
files......
.........................Segmentation fault
#

You can clearly see some memory there. Here's a gdb trace:


GNU gdb 6.2.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "//lib/libthread_db.so.1".

(gdb) run -a -Y -yP -n -i eth0 "not port 22"
Starting program: ./tcpick-0.2.1/src/tcpick -a -yP -n -i eth0 "not port 22"
Starting tcpick 0.2.1 at 2006-03-08 16:27 CET
...
Program received signal SIGSEGV, Segmentation fault.
out_p (out=0xb7f8d5e0, buf=0x808b000 <Address 0x808b000 out of bounds>, buflen=-133301) at display.c:216
216			if( ( isascii( CHAR ) && !iscntrl( CHAR ) ) || 
(gdb) bt
#0  out_p (out=0xb7f8d5e0, buf=0x808b000 <Address 0x808b000 out of bounds>, buflen=-133301) at display.c:216
#1  0x0804aa26 in got_packet (useless=0x0, hdr=0xbf9a6e60, packet=0x806a722 "") at loop.c:119
#2  0x0804c245 in pcap_read_linux ()
#3  0x0804d337 in pcap_loop ()
#4  0x0804b09f in main (argc=7, argv=0xbf9a6fe4) at tcpick.c:264
(gdb)

If we look at loop.c we see that you are trusting the packet headers for
setting payload_len. Having something like buflen-- in display.c without any
form of boundary checks doesn't help here.

I'm also attaching a dump that you can safely inject with tcprelay while
sniffing in order to see the segfault.

Please let me know how would you like to handle this and preferred
dates/embargo_date for release.

Cheers

-- 
Andrea Barisani                             Inverse Path Ltd
Chief Security Engineer                     -----> <--------

<an...@in...>          http://www.inversepath.com
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
       "Pluralitas non est ponenda sine necessitate"



----- End forwarded message -----

[Tcpick-project] Installation of tcpick on Solaris 10.

[David Damo-T. <Dav...@te...>]

Hi,

I have compiled libpcap and added it to my LD_LIBRARY_PATH. I have tried =
to run ./configure for the tcpick installation and keep getting libpcap =
not found even though it is there. Any one ever ran into this problem? I =
have installed libpcap version libpcap-0.9.4.

Error:

bash-3.00$ ./configure --includedir=3D/usr/local/include/ =
--libdir=3D/usr/local/lib/
checking for a BSD-compatible install... ./install-sh -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...=20
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for pcap_loop in -lpcap...=20
configure: error: Latest libpcap libraries required; see INSTALL doc for =
more info

David

[Tcpick-project] =?GB2312?B?dGNwaWNrLXByb2plY3TQo9PR1q685Lmyz+2yxri7u/q74cCyo78=?=

[<li...@16...>]

<html>
<head>
<title>???? :::www.cnncp.com</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
.style3 {font-size: 12px; color: #FFFFFF; }
-->
</style>
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<!-- ImageReady Slices (???-1) -->
<table id="Table_01" width="600" height="450" border="0" cellpadding="0" cellspacing="0">
	<tr>
		<td rowspan="4">
			<img src="http://www.cnncp.com/webad/images/CnncpAD_01.gif" alt="" width="142" height="450" border="0" usemap="#Map"></td>
		<td>
			<a href="http://www.cnncp.com" target="_blank"><img src="http://www.cnncp.com/webad/images/CnncpAD_02.gif" alt="" width="458" height="109" border="0"></a></td>
	</tr>
	<tr>
		<td>
			<a href="http://www.cnncp.com" target="_blank"><img src="http://www.cnncp.com/webad/images/CnncpAD_03.gif" alt="" width="458" height="120" border="0"></a></td>
	</tr>
	<tr>
		<td>
			<a href="http://www.cnncp.com" target="_blank"><img src="http://www.cnncp.com/webad/images/CnncpAD_04.gif" alt="" width="458" height="112" border="0"></a></td>
	</tr>
	<tr>
		<td height="109" background="http://www.cnncp.com/webad/images/CnncpAD_05.gif"><table width="51%" border="0" align="right" cellpadding="0" cellspacing="0">
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td height="39">&nbsp;</td>
          </tr>
          <tr>
            <td height="13"><SPAN class=style3>财富联系:010-6178.3422 6178.3423</SPAN></td>
          </tr>
          <tr>
            <td><SPAN class=style3>电子邮件:sa...@cn...;QQ:42488775</SPAN></td>
          </tr>
          <tr>
            <td><span class="style3">Copyright&copy;2005 财富共享</span></td>
          </tr>
        </table></td>
	</tr>
</table>
<!-- End ImageReady Slices -->
<map name="Map">
  <area shape="circle" coords="59,49,31" href="http://www.cnncp.com/capital" target="_blank">
  <area shape="circle" coords="80,328,36" href="http://www.cnncp.com/project" target="_blank">
  <area shape="circle" coords="38,257,32" href="http://www.cnncp.com/house" target="_blank">
  <area shape="circle" coords="71,178,27" href="http://www.cnncp.com/technic" target="_blank">
  <area shape="circle" coords="118,134,17" href="http://www.cnncp.com/join" target="_blank">
</map>
</body>
</html>

[Tcpick-project] glibc detected ...

[Òåïëîâ Ì. Þ. <mt...@bb...>]

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3DWindows-125=
1">
<STYLE type=3D"text/css"><!--
BODY {
  margin: 5px 5px 5px 5px;
  background-color: #FFFFFF;
}
/*----------Text Styles----------*/
HR { color: #000000}
BODY, TABLE /* Normal text */
{
 font-size: 9pt;
 font-family: 'Courier New';
 font-style: normal;
 font-weight: normal;
 color: #000000;
 text-decoration: none;
}
SPAN.RVTS1 /* Heading */
{
 font-size: 10pt;
 font-family: 'Arial';
 font-weight: bold;
 color: #0000FF;
}
SPAN.RVTS2 /* Subheading */
{
 font-size: 10pt;
 font-family: 'Arial';
 font-weight: bold;
 color: #000080;
}
SPAN.RVTS3 /* Keywords */
{
 font-size: 10pt;
 font-family: 'Arial';
 font-style: italic;
 color: #800000;
}
A.RVTS4, SPAN.RVTS4 /* Jump 1 */
{
 font-size: 10pt;
 font-family: 'Arial';
 color: #008000;
 text-decoration: underline;
}
A.RVTS5, SPAN.RVTS5 /* Jump 2 */
{
 font-size: 10pt;
 font-family: 'Arial';
 color: #008000;
 text-decoration: underline;
}
SPAN.RVTS6
{
 font-size: 8pt;
 font-family: 'arial';
 font-style: italic;
 color: #C0C0C0;
}
A.RVTS7, SPAN.RVTS7
{
 font-size: 8pt;
 font-family: 'arial';
 color: #0000FF;
 text-decoration: underline;
}
/*----------Para Styles----------*/
P,UL,OL /* Paragraph Style */
{
 text-align: left;
 text-indent: 0px;
 padding: 0px 0px 0px 0px;
 margin: 0px 0px 0px 0px;
}
.RVPS1 /* Centered */
{
 text-align: center;
 white-space: normal;
}

--></STYLE>
</HEAD>
<BODY>

<P>Hello !</P>
<P><BR></P>
<P><BR></P>
<P>I use tcpick under SuSE linux 9.2. After I run tcpick the following erro=
r quickly (after several session) appears:&nbsp;</P>
<P><BR></P>
<P>;-----------</P>
<P>*** glibc detected *** corrupted double-linked list: 0x401687c8 ***</P>
<P>*** glibc detected *** corrupted double-linked list: 0x401687c8 ***</P>
<P>;-----------</P>
<P><BR></P>
<P>and so on.</P>
<P>Aftet it tcpick don't show any sessions..</P>
<P><BR></P>
<P><BR></P>
<P>command line:</P>
<P>tcpick -i eth0 "port 25" -F1 -td -wRu</P>
<P><BR></P>
<P>What's wrong?&nbsp;</P>
<P>&nbsp;&nbsp;</P>
<P><BR></P>
<P><SPAN class=3DRVTS6>--&nbsp;</SPAN></P>
<P><SPAN class=3DRVTS6>Best&nbsp;regards,</SPAN></P>
<P><SPAN class=3DRVTS6>&nbsp;&#1058;&#1077;&#1087;&#1083;&#1086;&#1074;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;</SPAN><A class=3DRVTS7 href=3D"mailto:mt...@bb...">mailto:mt@bbs.fe=
saem.ru</A></P>

</BODY></HTML>

[Tcpick-project] =?GB2312?B?dGNwaWNrLXByb2plY3QuxPq6wyzO0s6qxPrJ+tLitcTKwsfp18W8sbCho6E=?=

[<ru...@si...>]

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>新建网页 2</title>
</head>

<body>

</body>

</html>
<HTML><HEAD><TITLE>中国汤姆SINOTOM.COM_与您一起开拓无限商机！</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<STYLE type=text/css>BODY {
	FONT-SIZE: 14px; COLOR: #000; FONT-FAMILY: 宋体
}
TD {
	FONT-SIZE: 14px; COLOR: #000; FONT-FAMILY: 宋体
}
A:link {
	COLOR: #039
}
A:visited {
	COLOR: #039
}
A:hover {
	COLOR: #f60
}
.GR {
	COLOR: #666
}
.GR:link {
	COLOR: #666
}
.GR:visited {
	COLOR: #666
}
.l {
	FONT: bold 18px 宋体
}
.M {
	FONT: bold 14px 宋体
}
.C {
	FONT-SIZE: 13px
}
.S {
	FONT-SIZE: 12px
}
.LM {
	LINE-HEIGHT: 130%
}
.LL {
	LINE-HEIGHT: 150%
}
SELECT {
	FONT-SIZE: 12px
}
INPUT {
	FONT-SIZE: 12px
}
</STYLE>

<META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD>
<BODY style="BACKGROUND-REPEAT: repeat-x" text=#000000 bgColor=#f0c87b 
leftMargin=0 background="" topMargin=0 marginwidth="0" marginheight="0">
<CENTER>
  <TABLE cellSpacing=0 cellPadding=1 width=520 bgColor=#c78300 border=0>
  <TBODY>
  <TR>
    <TD>
      <TABLE cellSpacing=0 cellPadding=0 width="100%" bgColor=#ffffff 
        border=0><TBODY>
        <TR>
          <TD><a target="_blank" href="http://www.cnncp.com/biz">
			<IMG height=68 
            src="http://www.cnncp.com/info/images/logo.gif" width=179 
            border=0></a>&nbsp; </TD></TR>
              <TR> 
                <TD>
<center>
                    <TABLE cellSpacing=0 cellPadding=0 width="90%" border=0>
              <TBODY>
                        <TR> 
                          <TD 
                  class=LL><p>你好：<BR>
                              <BR>
                              我是中国汤姆的编辑黛宁丽，你也许不记得我了，我却记得你：那天你在我们网站（<a target="_blank" href="http://www.cnncp.com/biz">www.sinotom.com</a>）上发布了贵方的的商业信息，那还是我审批的。当时就觉得你们的
							项目很有发展前途，可今早偶然间发现：你竟然已经有N多天没有重新发布你的商业信息了！为什么呢？<br>
                              <br>
                              发一条信息，只要10分钟，却能被数万商人看见！如果商机对口，买家就会直接找你联系，你怎么会错过这样的
							机会呢？ 
                              为了生意成功，可千万不能放过任何推广的机会啊。你看，我都着急了。<strong><a target="_blank" href="http://www.cnncp.com/biz">赶紧去发一发吧</a></font></a></strong><a target="_blank" href="http://www.sinotom.com">！</a><br>
                              <br>
                              操作上有问题，你直接来信找我，我一直在这里为你服务！<br>
                              <br>
                              天气寒冷，注意身体！顺祝商祺！</p>
                            <p align="right">你的朋友：蒋小丽</p></TD>
                        </TR></TBODY></TABLE>
                    <br>
                    <br>
                  </center></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=520 border=0>
  <TBODY>
  <TR>
      </TR></TBODY></TABLE>
  <TABLE style="BORDER-TOP: #ffffff 1px solid" cellSpacing=0 cellPadding=6 
width="100%" border=0>
  <TBODY>
  <TR>
    <TD class=M align=middle bgColor=#e89730><div align="center">
		<FONT 
      color=#ffffff>中国汤姆SINOTOM.网聚财富的力量！</FONT></div></TD></TR></TBODY></TABLE></CENTER></BODY></HTML>

[Tcpick-project] =?gb18030?Q?Re=3A_If_I_want_to_view_the_=22ESTABLI?= =?gb18030?Q?SHED=22_status_by_using_tcpick_=A3=AChow_should_?= =?gb18030?Q?I_do=A3=BF?=

[Francesco S. <dus...@de...>]

=CD=BF=B4=F3=D6=BE wrote:
> tcpick-project=A3=AC=C4=FA=BA=C3=A3=A1
>         I long for your answer=A1=A3Thanks=A3=A1

Hello,
I am sorry for my late answer. Tcpick automatically detects=20
ESTABLISHED status. If you want to display *only* that status you=20
can use the following shell command:

tcpick -i<your_interface> | grep ESTABLISHED

If you have problems (connections aren't detected as ESTABLISHED),=20
please say me which Operating System are you running.

-Francesco

[Tcpick-project] =?gb2312?B?SWYgSSB3YW50IHRvIHZpZXcgdGhlICJFU1RBQkxJU0hFRCIgc3RhdHVzIGJ5IHVzaW5nIHRjcGljayCjrGhvdyBzaG91bGQgSSBkb6O/?=

[<tu...@ff...>]

dGNwaWNrLXByb2plY3SjrMT6usOjoQ0KICAgICAgICBJIGxvbmcgZm9yIHlvdXIgYW5zd2VyoaNU
aGFua3OjoQ0KCQkNCg0KoaGhoaGhoaGhoaGhoaGhodbCDQrA8aOhDQogCQkJCQ0KDQqhoaGhoaGh
oaGhoaGhoaGhzb+089a+DQqhoaGhoaGhoaGhoaGhoaGhdHVkekBmZmNzLmZ1aml0c3UuY28uanAN
CqGhoaGhoaGhoaGhoaGhoaGhoaGhMjAwNS0wMS0yNQ0K

[Tcpick-project] tcpick 0.2.1 released

[Francesco S. <dus...@de...>]

md5sum:  bb94f2f9ea81aeb645619fbe9b3b9a29
size: 175871

This is a bugfix release


Changes:
18 Jan 2005 0.2.1
*****************

unchanged from 0.2.1-rc1

18 Jan 2005 0.2.1-rc1
*********************

      Michael Coulter (mjc:bitz.ca):

    * Fixed headers include order for OpenBSD

      Gianluigi Spagnuolo (kirash:phreaker.net):

    * Added sigaction function to handle signals in a proper way.

      Francesco Stablum (duskdruid:despammed.com):

    * Fixed -lpcap -lpcap etc. arguments to cc

    * Fixed SIGALRM freeze bug

    * Added setitimer workaround for *BSD systems (fork + sleep + kill)

    * Added -e option to exit when a certain number of packets is 
reached

    * Added atexit function

[Tcpick-project] tcpick 0.2.1-rc1 released

[Francesco S. <dus...@de...>]

md5sum: f85ef4e525530488da29cead1d6ed4d0
size: 175765 bytes

this is a bugfix release


Changes:
18 Jan 2005 0.2.1-rc1
*********************

      Michael Coulter (mjc:bitz.ca):

    * Fixed headers include order for OpenBSD

      Gianluigi Spagnuolo (kirash:phreaker.net):

    * Added sigaction function to handle signals in a proper way.

      Francesco Stablum (duskdruid:despammed.com):

    * Fixed -lpcap -lpcap etc. arguments to cc

    * Fixed SIGALRM freeze bug

    * Added setitimer workaround for *BSD systems (fork + sleep + kill)

    * Added -e option to exit when a certain number of packets is 
reached

    * Added atexit function