This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Update tcpflow #148

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 8 comments

Comments

@GoogleCodeExporter

http://afflib.org/software/tcpflow

Original issue reported on code.google.com by doug.bu...@gmail.com on 9 Nov 2011 at 7:27

@GoogleCodeExporter

[deleted comment]

@GoogleCodeExporter

Hi Simson,

I was excited to see that you had picked up tcpflow and are adding new
features!  Thanks for your work on this, especially the IPv6 and VLAN
support!

I downloaded 1.1.0 from your site and compiled it.  I then noticed
that when running with "-cr", it's prepending a "./" to the IP address
line.

For example, here's the old version of tcpflow:

    tcpflow.old -cr my.pcap |head -1
    080.252.125.010.00080-172.020.016.041.57407: HTTP/1.0 302 Moved Temporarily

And here's 1.1.0 with the "./":

    tcpflow -cr my.pcap |head -1
    ./080.252.125.010.00080-172.020.016.041.57407: HTTP/1.0 302 Moved Temporarily

Is this expected behavior?  Is there any way to disable it?

Thanks,


Simson Garfinkel
7:49 AM (50 minutes ago)

to me 
Whoops. I'll fix it. Thanks for the report.

Original comment by doug.bu...@gmail.com on 9 Feb 2012 at 1:39

@GoogleCodeExporter

Simson Garfinkel
9:53 AM (2 minutes ago)

Fixed in 1.1.1, which is just released.
Thanks again for the bug report.

Original comment by doug.bu...@gmail.com on 23 Feb 2012 at 2:58

@GoogleCodeExporter

Commented out the following code in flow.cpp to make Sguil happy:

    if(vlan!=NO_VLAN){
        ss << "--" << vlan;
    }

Original comment by doug.bu...@gmail.com on 28 Feb 2012 at 1:03
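
The two format changes discussed in this thread (the "./" prefix in 1.1.0 and the "--" VLAN suffix) both break consumers that parse the flow name at the start of each `tcpflow -c` line. As an added example, not code from tcpflow, Sguil or Security Onion, this Python parser accepts all three shapes and re-emits the old format. The position of the VLAN suffix after the destination port, the names `parse_flow_line` and `FlowLine`, and the third sample line are assumptions.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Flow-name prefix of a `tcpflow -c` line in the shapes seen in this thread:
# plain (old tcpflow), "./"-prefixed (1.1.0), and with a "--<vlan>" suffix
# (assumed to follow the destination port). IPv6 flow names are not handled.
FLOW_LINE = re.compile(
    r"^(?:\./)?"
    r"(?P<src>\d{3}(?:\.\d{3}){3})\.(?P<sport>\d{5})-"
    r"(?P<dst>\d{3}(?:\.\d{3}){3})\.(?P<dport>\d{5})"
    r"(?:--(?P<vlan>\d+))?"
    r": (?P<payload>.*)$"
)

# The first two lines are quoted in the thread; the third is constructed.
SAMPLES = [
    "080.252.125.010.00080-172.020.016.041.57407: HTTP/1.0 302 Moved Temporarily",
    "./080.252.125.010.00080-172.020.016.041.57407: HTTP/1.0 302 Moved Temporarily",
    "080.252.125.010.00080-172.020.016.041.57407--12: HTTP/1.0 302 Moved Temporarily",
]


class FlowLine(NamedTuple):
    src: str              # unpadded dotted quad, e.g. "80.252.125.10"
    sport: int
    dst: str
    dport: int
    vlan: Optional[int]   # None when the line carries no VLAN suffix
    payload: str
    legacy: str           # the line re-emitted in the old tcpflow format


def _unpad_ipv4(ip: str) -> str:
    return str(ipaddress.IPv4Address(".".join(str(int(o)) for o in ip.split("."))))


def parse_flow_line(line: str) -> Optional[FlowLine]:
    """Parse one console line; None for continuation or malformed lines."""
    m = FLOW_LINE.match(line.rstrip("\r\n"))
    if m is None or int(m["sport"]) > 65535 or int(m["dport"]) > 65535:
        return None
    try:
        src, dst = _unpad_ipv4(m["src"]), _unpad_ipv4(m["dst"])
    except ipaddress.AddressValueError:  # an octet above 255
        return None
    vlan = int(m["vlan"]) if m["vlan"] is not None else None
    legacy = f'{m["src"]}.{m["sport"]}-{m["dst"]}.{m["dport"]}: {m["payload"]}'
    return FlowLine(src, int(m["sport"]), dst, int(m["dport"]), vlan, m["payload"], legacy)
```

Lines that return `None` are payload continuation lines or malformed prefixes and should be passed through or logged rather than treated as new flows.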

@GoogleCodeExporter

Compiled and packaged:

    ./configure --prefix=/usr
    make
    checkinstall

Original comment by doug.bu...@gmail.com on 28 Feb 2012 at 1:03

@GoogleCodeExporter

Added the following to security-onion-upgrade.sh:

    sed -i 's| |=|g' $CONF
    source $CONF
    if [ "$VERSION" = "20120222" ]; then
        NEW="20120224"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        apt-get -y remove tcpflow                               >> $LOG

        echo "* Installing new pcap_agent.tcl"                  | $LOGGER
        FILE=securityonion-pcap-agent_"$NEW"_i386.deb
        wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
        dpkg -i $FILE                                           | $LOGGER

        echo "* Installing new tcpflow"                         | $LOGGER
        FILE=securityonion-tcpflow_"$NEW"-1_i386.deb
        wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
        dpkg -i $FILE                                           | $LOGGER

        nsm_sensor_ps-restart --only-pcap-agent

        sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo
    fi

Original comment by doug.bu...@gmail.com on 28 Feb 2012 at 1:04

@GoogleCodeExporter

Tested by:
Doug Burks
Liam Randall
Scott Runnels

Original comment by doug.bu...@gmail.com on 28 Feb 2012 at 1:06

@GoogleCodeExporter

Published:
http://securityonion.blogspot.com/2012/02/security-onion-20120224-now-available.html

Original comment by doug.bu...@gmail.com on 28 Feb 2012 at 8:03

  • Changed state: Verified
