Does nothing on OSX
Brought to you by:
harbourn
Well, everything is built and pretty... Except it
doesn't do anything.
I run it with:
sudo ./tcpxtract -c tcpxtract.conf -d en1 -o out/
(where out is a dir I just made) and nothing happens.
I go to a few web pages then check the out dir and
there is nothing there... I've also tried transferring
some obvious file types (jpg, png, html, etc) and
nothing comes up.
I'm assuming it's going to be hard for you to test/fix
this, so if you could give me somewhere to start I'll
see what I can do.
Logged In: NO
Could it be that it requires little-endian pcap files?
Logged In: YES
user_id=937661
I don't think it would... I think I tried using a pcap file
created (on my mac) with tcpdump... I get the same problem
with -d en1 (which I would assume would use the right
endian-ness).
Logged In: NO
Hmm, I have tried it on Debian on the Mac (PowerPC G3,
debian 2.4.18) and it also doesn't work there. Same issue -
no feedback at all. Copying the same file to my FreeBSD
Pentium 2 computer resulted in all files being extracted
properly.
Very strange indeed
Logged In: NO
Okay, it seems the problem lies in the got_packet routine.
When I change the line
if (ethernet->ether_type != 0x08) /* I think 0x08 is IP, at least it looks that way */
into
if (ethernet->ether_type != 0x0800)
I get a recognition of a HTML file (followed by a bus error).
It appears that the packets are not properly decoded so I will try to see if I can
see what the problem is exactly and write a patch
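
Added example, not part of the thread and not tcpxtract's own code: both comparisons quoted above read ether_type in host byte order, so 0x08 matches IPv4 only on little-endian hosts and 0x0800 only on big-endian ones; converting with ntohs() gives one check that works on both. The struct layout, the ex_ names and the two frames are constructed for illustration.

```c
#include <arpa/inet.h>   /* ntohs */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_ETHERTYPE_IPV4 0x0800  /* EtherType for IPv4 */
#define EX_ETH_HDR_LEN    14

/* Assumed header layout; only the field name ether_type comes from the thread. */
struct ex_eth_hdr {
    uint8_t  dst[6];
    uint8_t  src[6];
    uint16_t ether_type;          /* network (big-endian) byte order on the wire */
};

/* Constructed frames: 14-byte Ethernet header plus one payload byte. */
static const uint8_t ex_ipv4_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, 0x45 };
static const uint8_t ex_arp_frame[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x06, 0x00 };

int ex_host_is_little_endian(void) {
    const uint16_t one = 1;
    uint8_t first;
    memcpy(&first, &one, 1);
    return first == 1;
}

/* Host-order read, which is what both comparisons quoted in the thread see. */
uint16_t ex_raw_ether_type(const uint8_t *pkt) {
    struct ex_eth_hdr h;
    memcpy(&h, pkt, EX_ETH_HDR_LEN);
    return h.ether_type;
}

/* 1 = IPv4, 0 = other EtherType, -1 = capture shorter than an Ethernet header. */
int ex_is_ipv4_frame(const uint8_t *pkt, size_t caplen) {
    struct ex_eth_hdr h;
    if (pkt == NULL || caplen < EX_ETH_HDR_LEN) return -1;
    memcpy(&h, pkt, EX_ETH_HDR_LEN);  /* copy: no unaligned read from the capture buffer */
    return ntohs(h.ether_type) == EX_ETHERTYPE_IPV4;
}

int main(void) {
    printf("raw ether_type on this host: 0x%04x\n", (unsigned)ex_raw_ether_type(ex_ipv4_frame));
    printf("IPv4 %d, ARP %d, truncated %d\n", ex_is_ipv4_frame(ex_ipv4_frame, sizeof ex_ipv4_frame),
           ex_is_ipv4_frame(ex_arp_frame, sizeof ex_arp_frame), ex_is_ipv4_frame(ex_ipv4_frame, 10));
    return 0;
}
```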