Skip to content
This repository has been archived by the owner. It is now read-only.

tcpflow 1.1.1 connection counter breaks Sguil's transcript window #254

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 11 comments
Closed

Comments

@GoogleCodeExporter
Copy link

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Either comment out the connection counter code in flow.cpp or look at a newer 
version which may be more configurable

Original issue reported on code.google.com by doug.bu...@gmail.com on 12 Apr 2012 at 3:20

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Should probably go with new version and use option:
-T%A.%a-%B.%b

Original comment by doug.bu...@gmail.com on 12 Apr 2012 at 3:32

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

[deleted comment]

3 similar comments
@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

[deleted comment]

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

[deleted comment]

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

[deleted comment]

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Download and compiled tcpflow 1.2.6 as follows:

wget https://github.com/downloads/simsong/tcpflow/tcpflow-1.2.6.tar.gz
tar zxvf tcpflow-1.2.6.tar.gz
cd tcpflow-1.2.6
./configure
make
sudo checkinstall
sudo mv securityonion-tcpflow_20120418-1_i386.deb ..
cd ..

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:33

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Created /usr/bin/tcpflow with the following content:

#!/bin/bash

/usr/local/bin/tcpflow -T%A.%a-%B.%b $@

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:36

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Made /usr/bin/tcpflow executable and packaged:

chmod +x /usr/bin/tcpflow

/usr/bin/fpm -s dir -t deb -n securityonion-tcpflow-no-tags -v 20120418 
/usr/bin/tcpflow 

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:36

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Added the following to security-onion-upgrade.sh:


sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120412" ]; then
        NEW="20120418"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        for FILE in securityonion-tcpflow_20120418-1_i386.deb securityonion-tcpflow-no-tags_20120418_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
                if [ $? -eq 1 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        dpkg -i *.deb                                           >> $LOG
        if [ $? -eq 1 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi


    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo 
fi

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 6:37

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Tested by:
Sunil Gupta
Heine Lysemose
Tom De Vries

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 1:49

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120418-now-available.
html

Original comment by doug.bu...@gmail.com on 20 Apr 2012 at 1:49

  • Added labels: ****
  • Removed labels: ****

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant