Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

packetcapr shows wrong IP #1

Open
mehran-a opened this issue Feb 8, 2018 · 3 comments
Open

packetcapr shows wrong IP #1

mehran-a opened this issue Feb 8, 2018 · 3 comments
Assignees
@Woutifier

Comments

@mehran-a
Copy link

mehran-a commented Feb 8, 2018

Hello,

packetcapr in server mode splits the actual IP to two halves!
Following is a capture of response from 8.8.8.8

# ./packetcapr -v --server-mode
Process is running. Type q<enter> to quit.
TEST|1518044936|114.229.8.8|8.8.174.137|60059|4242
@Woutifier
Copy link
Owner

Woutifier commented Feb 8, 2018
edited
Loading

That looks pretty wrong indeed. Do you have a pcap file of the particular packet that causes this behaviour for debugging?

The code that takes the IPs from the packet is pretty naive. If I have time it would probably help to use a library to parse the packets.

@mehran-a
Copy link
Author

mehran-a commented Feb 9, 2018

Tested on another machine and it's working properly on it!

Working machine:

# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 8.5 (jessie)
Release:        8.5
Codename:       jessie

# cargo build --release
   Compiling language-tags v0.2.2
   Compiling percent-encoding v1.0.0
   Compiling traitobject v0.1.0
   Compiling argparse v0.2.1
   Compiling httparse v1.2.3
   Compiling version_check v0.1.3
   Compiling matches v0.1.6
   Compiling typeable v0.1.2
   Compiling byteorder v1.1.0
   Compiling safemem v0.2.0
   Compiling log v0.3.8
   Compiling pcap v0.7.0
   Compiling rustc-serialize v0.3.24
   Compiling unicode-normalization v0.1.5
   Compiling libc v0.2.30
   Compiling unicode-bidi v0.3.4
   Compiling base64 v0.6.0
   Compiling mime v0.2.6
   Compiling unicase v1.4.2
   Compiling num_cpus v1.6.2
   Compiling time v0.1.38
   Compiling idna v0.1.4
   Compiling url v1.5.1
   Compiling hyper v0.10.13
   Compiling packetcapr v0.1.2 (file:///root/verfploeter/packetcapr-packetcapr.v0.1.5-alpha)
    Finished release [optimized] target(s) in 47.93 secs

The machine which has problem:

# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

# cargo build --release
   Compiling argparse v0.2.1
   Compiling unicode-normalization v0.1.5
   Compiling traitobject v0.1.0
   Compiling percent-encoding v1.0.0
   Compiling rustc-serialize v0.3.24
   Compiling httparse v1.2.3
   Compiling libc v0.2.30
   Compiling log v0.3.8
   Compiling matches v0.1.6
   Compiling byteorder v1.1.0
   Compiling pcap v0.7.0
   Compiling version_check v0.1.3
   Compiling language-tags v0.2.2
   Compiling typeable v0.1.2
   Compiling safemem v0.2.0
   Compiling unicode-bidi v0.3.4
   Compiling mime v0.2.6
   Compiling base64 v0.6.0
   Compiling num_cpus v1.6.2
   Compiling time v0.1.38
   Compiling unicase v1.4.2
   Compiling idna v0.1.4
   Compiling url v1.5.1
   Compiling hyper v0.10.13
   Compiling packetcapr v0.1.2 (file:///root/verfploeter/packetcapr-packetcapr.v0.1.5-alpha)
    Finished release [optimized] target(s) in 48.82 secs

I hope that helps

@Woutifier
Copy link
Owner

Very odd, it seems it somehow swapped around half of the IP addresses, but so far I can't come up with a reason why that would happen.

@Woutifier Woutifier self-assigned this Feb 12, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Woutifier Woutifier

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Woutifier @mehran-a