On 29 February 2012 13:26, Joshua Wright <[email protected]> wrote: > On 2/29/2012 7:22 AM, Robin Wood wrote: >> >> Hi >> Is anyone still using Hamster and Ferret? I was trying to play with it >> but ferret just keeps seg faulting on me and so never gives any data >> to hamster. This is the crash: >> >> $ ./ferret -r sniff-2012-02-29-eth.pcap >> [0] ./ferret >> [1] -r >> [2] sniff-2012-02-29-eth.pcap >> -- FERRET 1.2.0 - 2008 (c) Errata Security >> -- build = Feb 28 2012 15:07:17 (64-bits) >> -- libpcap version 1.2.1 >> sniff-2012-02-29-eth.pcap >> proto="DNS", query="A", ip.src=[192.168.0.2], name="bsides.2bli2.com" >> unknown record type >> Segmentation fault >> >> From the debugging I've managed to do it looks like something to do >> with the unknown record type getting parsed somewhere and causing the >> problem but my C isn't good enough to work out what the unknown record >> is and how to kill it off before it gets parsed. > > > You need to compile it with the "-g3 -ggdb" flags, then run it inside gdb. > Something like: > > # gdb ferret > gdb> run -r sniff-2012-02-29-eth.pcap > > When it crashes, issue a "bt" to show the backtrace of where it crashed. > You can probably just comment out the DNS parser.
I'll give it a go. I really need to learn to debug things on this level, I can do scripts any day but never got round to learning gdb. > I use WiFiSheep on my Kindle Fire for an alternative catch-all-cookies > sidejacking attack. Otherwise I use Firesheep with Firefox 3.6.12 and write > my own handlers. I'll give it a try. I missed getting in on the hype of Firesheep so never really played with it, I thought it just did the sites it knew about rather than any site. Robin > -Josh > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
