Write to pcap don't rotate and it was impossible to write into a pipe #55
Comments
Hi, Here is a quick fix that adds FIFO support for PCAP output: Can you give it a try ? |
Hi,
Not working:
$ /usr/local/sbin/ssldump
PCAP: socket: Socket type not supported
ERROR: Aborting
$ /usr/local/sbin/ssldump -v
ssldump 1.4
Maintained by a bunch of volunteers, see https://github.com/adulau/ssldump/blob/master/CREDITS
Copyright (C) 2015-2021 the aforementioned volunteers
Copyright (C) 1998-2001 RTFM, Inc.
All rights reserved.
Compiled with OpenSSL: decryption enabled
$ /usr/local/sbin/ssldump port 636
PCAP: socket: Socket type not supported
ERROR: Aborting
From: wllm-rbnt ***@***.***>
Sent: Friday, 18 June, 2021 17:37
To: adulau/ssldump ***@***.***>
Cc: De Luca Michele ***@***.***>; Author ***@***.***>
Subject: Re: [adulau/ssldump] Write to pcap don't rotate and it was impossible to write into a pipe (#55)
Hi,
Here is a quick fix that adds FIFO support for PCAP output:
***@***.***<wllm-rbnt@4a6fcb5>
Can you give it a try ?
|
Hi, I can't reproduce the error you reported.
In a second terminal, I run:
I have the session decoding on the first terminal, and the flow of packets on the second one. |
Hi, I tried it on our system, which was RHEL 7.9, but there were some incompatible library versions:
./ssldump: /lib64/libssl.so.1.1: version `OPENSSL_1_1_0' not found (required by ./ssldump)
./ssldump: /lib64/libcrypto.so.1.1: version `OPENSSL_1_1_0' not found (required by ./ssldump)
libpcap.so.0.8 => not found
libjson-c.so.4 => not found
Is it possible to compile on RHEL 7.9 (CentOS 7.9)?
From: wllm-rbnt ***@***.***>
Sent: Friday, 25 June, 2021 09:03
To: adulau/ssldump ***@***.***>
Cc: De Luca Michele ***@***.***>; Author ***@***.***>
Subject: Re: [adulau/ssldump] Write to pcap don't rotate and it was impossible to write into a pipe (#55)
Hi, I can't reproduce the error you reported.
Here is how I test my patch (on Debian Buster):
$ git clone -b dev https://github.com/wllm-rbnt/ssldump.git
$ cd ssldump
$ ./autogen.sh
$ ./configure
$ make
$ mkfifo test.pcap; sudo ./ssldump -n -i any -w test.pcap
In a second terminal, I run:
$ sudo tcpdump -n -r test.pcap
I have the session decoding on the first terminal, and the flow of packets on the second one.
|
Here is a recipe to build it on RHEL/Centos 7.9. You will need a recent version of openssl.
|
Hi,
Because on RHEL 7 there was a version of ssldump (1.13b) compiled with OpenSSL version 1.0.2, do you think it is possible to modify some configuration in the build system to adopt this version?
From: wllm-rbnt ***@***.***>
Sent: Friday, 25 June, 2021 18:03
To: adulau/ssldump ***@***.***>
Cc: De Luca Michele ***@***.***>; Author ***@***.***>
Subject: Re: [adulau/ssldump] Write to pcap don't rotate and it was impossible to write into a pipe (#55)
Here is a recipe to build it on RHEL/Centos 7.9. You will need a recent version of openssl.
I've never tested it on this version of the distro, you might encounter bugs at runtime.
$ sudo yum install git autoconf automake gcc make libpcap-devel libnet-devel json-c-devel tmux wget
$ wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz
$ tar xvfz openssl-1.1.1k.tar.gz
$ cd openssl-1.1.1k
$ ./config
$ make
$ sudo make install
$ cd ..
$ echo "/usr/local/lib64" | sudo tee /etc/ld.so.conf.d/openssl.conf
$ sudo ldconfig
$ git clone -b dev https://github.com/wllm-rbnt/ssldump.git
$ cd ssldump
$ ./autogen.sh
$ ./configure CPPFLAGS="-D_BSD_SOURCE=1"
$ make
$ sudo ./ssldump -n -i eth0
|
I compiled the latest ssldump from source on RHEL 7. Thanks. |
Hi,
I am trying to write the output pcap into a named pipe:
$ ssldump -v
ssldump 1.4b
Maintained by a bunch of volunteers, see https://github.com/adulau/ssldump/blob/master/CREDITS
Copyright (C) 2015-2021 the aforementioned volunteers
Copyright (C) 1998-2001 RTFM, Inc.
All rights reserved.
Compiled with OpenSSL: decryption enabled
$ mkfifo pcap_test.pcap
$ ls -ltr pcap_test.pcap
prw-r--r-- 1 root root 0 Jun 17 14:13 pcap_test.pcap
$ ssldump -w pcap_test.pcap
Can not open/create out pcap pcap_test.pcap
Is it possible to write the output packets into a pipe?
Alternatively, is it possible to roll the pcap output file on size/time?
We would like to run a "continuous" packet capture/decode and read it only when we have some trouble.
thanks.
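The rotation asked about above can be done on the reader side of the FIFO once ssldump can write to one. The following is an added example, not part of ssldump or of this thread: it assumes the FIFO carries the classic pcap format (not pcapng), and the names `rotate_pcap` and `part-NNNNN.pcap` are hypothetical.

```python
import os
import struct

# Classic pcap magic (first 4 bytes) -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}  # nanosecond

def read_exact(stream, n):
    """Read n bytes from a pipe despite short reads; a shorter result means EOF."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def rotate_pcap(stream, out_dir, max_bytes, keep):
    """Split a pcap stream into standalone files of about max_bytes each and
    keep only the newest `keep` (>= 1) files. Returns the surviving paths."""
    ghdr = read_exact(stream, 24)
    if len(ghdr) < 24 or ghdr[:4] not in MAGICS:
        raise ValueError("not a classic pcap stream")
    order = MAGICS[ghdr[:4]]
    limit = max(struct.unpack(order + "I", ghdr[16:20])[0], 262144)  # snaplen
    paths, out, size, seq = [], None, 0, 0
    while True:
        rhdr = read_exact(stream, 16)
        if len(rhdr) < 16:
            break                      # writer closed the FIFO
        caplen = struct.unpack(order + "I", rhdr[8:12])[0]
        if caplen > limit:
            raise ValueError("implausible record length, stream is corrupt")
        data = read_exact(stream, caplen)
        if len(data) < caplen:
            break                      # truncated final record: drop it
        if out is None or size + 16 + caplen > max_bytes:
            if out:
                out.close()
            paths.append(os.path.join(out_dir, "part-%05d.pcap" % seq))
            out, size, seq = open(paths[-1], "wb"), 24, seq + 1
            out.write(ghdr)            # every part starts with the global header
            while len(paths) > keep:
                os.remove(paths.pop(0))
        out.write(rhdr + data)
        size += 16 + caplen
    if out:
        out.close()
    return paths
```

Run it as the reader of the FIFO, for example `rotate_pcap(open("test.pcap", "rb"), "/var/tmp/cap", 100 * 1024 * 1024, 10)`, where the output directory is a constructed path. Opening the FIFO for reading blocks until the writer opens it, and the captures land in files that should be readable only by the account doing the analysis.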