filternetz / nfex Goto Github PK

What steps will reproduce the problem?
1. The required libnet does not seem to have any code at
hg clone https://code.google.com/p/libnet/
It appears to create an empty repository.  Any idea where I can get a copy?
2.
3.

What is the expected output? What do you see instead?
Was expecting to find the dependency where specified.

What version of the product are you using? On what operating system?
Ubuntu 12.04.

Please provide any additional information below.
Just missing a dependency - nfex looks like it will build if I can get a copy 
of libnet.

What steps will reproduce the problem?
1.enabled doc file capturing
2. I sent mail including doc file  

What is the expected output? What do you see instead?

The output is;

config file:    /usr/local/etc/nfex/nfex.conf
device          rl0
pcap filter:    tcp
index file:     59052-index.txt
verbosity on
program initialized, now the game can start...
running-time:                   1 minute 18 seconds
packets churned:                22574
bytes churned:                  13842123
files extracted:                0
packet errors:                  0
extraction errors:              0
program completed, normal exit



What version of the product are you using? On what operating system?

nfex v2.5, Freebsd 7.4 

Please provide any additional information below.

jpg capture works well

What steps will reproduce the problem?

$ nfex_exe_pp ftp.log.0
clamav: intializing...
clamav: loaded 3350663 signatures...
bad logfile entry: no timestamp, skipping...
bad logfile entry: no src_ip, skipping...
bad logfile entry: no timestamp, skipping...
bad logfile entry: no timestamp, skipping...
bad logfile entry: no timestamp, skipping...
bad logfile entry: no timestamp, skipping...
bad logfile entry: no timestamp, skipping...
bad logfile entry: no timestamp, skipping...
can't open : No such file or directory
bad logfile entry: no timestamp, skipping...
bad logfile entry: no timestamp, skipping...
program completed, normal exit

and it removes the file...
same with pcap file from honeynet challenge 1

What is the expected output? What do you see instead?
finding a file matching a signature
not erasing file


What version of the product are you using? On what operating system?
Macos 10.9.2, r20 from macports

Please provide any additional information below.

What steps will reproduce the problem?
1. ./configure
2. make
3.      printf("bytes churned:\t\t\t%lld\n", ncc->stats.total_bytes);
     ^
mv -f .deps/asynch.Tpo .deps/asynch.Po
gcc -D_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -ggdb   -o nfex main.o packet.o 
init.o hash.o util.o confy.o confl.o conf.o search.o extract.o asynch.o  -lm 
-lfl 
init.o: dans la fonction « control_context_init »:
/home/test/Bureau/nfex-master/nfex-master/src/init.c:83: référence indéfinie 
vers « pcap_open_offline »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:90: référence indéfinie 
vers « pcap_get_selectable_fd »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:117: référence 
indéfinie vers « pcap_lookupdev »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:126: référence 
indéfinie vers « pcap_lookupnet »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:134: référence 
indéfinie vers « pcap_open_live »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:140: référence 
indéfinie vers « pcap_fileno »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:144: référence 
indéfinie vers « pcap_compile »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:146: référence 
indéfinie vers « pcap_geterr »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:151: référence 
indéfinie vers « pcap_setfilter »
/home/test/Bureau/nfex-master/nfex-master/src/init.c:153: référence 
indéfinie vers « pcap_geterr »
init.o: dans la fonction « control_context_destroy »:
/home/test/Bureau/nfex-master/nfex-master/src/init.c:283: référence 
indéfinie vers « pcap_close »
asynch.o: dans la fonction « the_game »:
/home/test/Bureau/nfex-master/nfex-master/src/asynch.c:29: référence 
indéfinie vers « pcap_dispatch »
/home/test/Bureau/nfex-master/nfex-master/src/asynch.c:48: référence 
indéfinie vers « pcap_geterr »
/home/test/Bureau/nfex-master/nfex-master/src/asynch.c:75: référence 
indéfinie vers « pcap_dispatch »
collect2: error: ld returned 1 exit status
make[1]: *** [nfex] Erreur 1
make[1]: quittant le répertoire « 
/home/test/Bureau/nfex-master/nfex-master/src »
make: *** [all-recursive] Erreur 1


What is the expected output? What do you see instead?
I expect to see no erros from configure script


What version of the product are you using? On what operating system?
Ubuntu 14.04 LTS (VM)

Please provide any additional information below.
If is normal, how using nflex in real-times mode?

What steps will reproduce the problem?
./configure && make

What is the expected output? What do you see instead?
I expect to see no erros from configure script

What version of the product are you using? On what operating system?
nfex latest version (2/14/2012), 
$uname -ovri
3.2.5-3.fc16.x86_64 #1 SMP Thu Feb 9 01:24:38 UTC 2012 x86_64 GNU/Linux

It seems like yywrap is related to flex, but i cannot seem to find a flex-dev 
or flex-devel that may contain the referenced object.

What steps will reproduce the problem?
---------------------------------------
1. svn checkout http://nfex.googlecode.com/svn/trunk/ nfex-read-only
2. ./configure
3. make

What is the expected output? What do you see instead?
------------------------------------------------------
The build fails with these errors:

root@EMEPVDLPTST02:~/nfex/nfex-read-only# make
Making all in src
make[1]: Entering directory `/root/nfex/nfex-read-only/src'
/bin/bash ../ylwrap confl.l .c confl.c -- :
make[1]: *** [confl.c] Error 1
make[1]: Leaving directory `/root/nfex/nfex-read-only/src'
make: *** [all-recursive] Error 1


What version of the product are you using? On what operating system?
---------------------------------------------------------------------
The version under http://code.google.com/p/nfex/source/checkout
On an Ubuntu 11.10 VM
Lex, bison, libnet-dev and libpcap-dev are already installed here

Please provide any additional information below.
-------------------------------------------------
I am writing a reporting tool that sniffs printer traffic and reconstructs the 
printed files from the pcap files. I thought this was my holy grail, but I 
can't build it! Please help!!

What steps will reproduce the problem?
1. Get a Pcap with wireshark and a transfer of a jar file (it may work with 
other filetypes)
2. Try nfex to extract the file
3. Compare the timestamp in the index file generated by nfex and in wireshark 
(why they differ of one hour??)

What is the expected output? What do you see instead?
the expected output is the same timestamp of wireshark, I see a timestamp with 
one hour less

What version of the product are you using? On what operating system?
Revision 20 from read-only version, Ubuntu 12.04 64bit

Please provide any additional information below.

What steps will reproduce the problem?
1. ./configure && make
2. sudo make install

What is the expected output? What do you see instead?
make: Nothing to be done for `install'.


What version of the product are you using? On what operating system?
most recent on kali linux 1.0.6

Please provide any additional information below.
After installing dependencies, ./configure && make ran fine. Then, I tried sudo 
make install and got the above message? I'd love to use this program. Please 
help! :)

What steps will reproduce the problem?
1.
Install on Macos (10.9.2) with macports (https://trac.macports.org/ticket/43573 
nfex r20)
2.
$ nfex -f attack-trace.pcap -c /opt/local/etc/nfex.conf -v
nfex - realtime network file extraction engine
loading configuration file...
 1 exe search code compiled (10000000 byte max)
Abort trap: 6
(pcap from http://honeynet.org/node/504)

What is the expected output? What do you see instead?
extraction of executable file



What version of the product are you using? On what operating system?
Macos 10.9.2

Please provide any additional information below.
A test run in the Makefile would be a nice addition to ensure good execution

gdb doesn't help much sadly

$ ggdb 
/Volumes/Data/opt/local/var/macports/build/_Volumes_Data_myports_security_nfex/n
fex/work/trunk/src/nfex 
GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin13.0.0".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from 
/Volumes/Data/opt/local/var/macports/build/_Volumes_Data_myports_security_nfex/n
fex/work/trunk/src/nfex...done.
(gdb) run -f attack-trace.pcap_ -c /opt/local/etc/nfex.conf -v
Starting program: 
/Volumes/Data/opt/local/var/macports/build/_Volumes_Data_myports_security_nfex/n
fex/work/trunk/src/nfex -f attack-trace.pcap_ -c /opt/local/etc/nfex.conf -v
nfex - realtime network file extraction engine
loading configuration file...
 1 exe search code compiled (10000000 byte max)

Program received signal SIGABRT, Aborted.
0x00007fff86ec0866 in ?? ()
(gdb) bt
#0  0x00007fff86ec0866 in ?? ()
#1  0x00007fff9363d35c in ?? ()
#2  0x0000000000000000 in ?? ()

better if using gdb-apple

nfex - realtime network file extraction engine
loading configuration file...
 1 exe search code compiled (10000000 byte max)

Program received signal SIGABRT, Aborted.
0x00007fff86ec0866 in __pthread_kill ()
(gdb) bt
#0  0x00007fff86ec0866 in __pthread_kill ()
#1  0x00007fff9363d35c in pthread_kill ()
#2  0x00007fff93d0cb1a in abort ()
#3  0x00007fff93d0cc91 in abort_report_np ()
#4  0x00007fff93d30860 in __chk_fail ()
#5  0x00007fff93d30830 in __chk_fail_overflow ()
#6  0x00007fff93d30b6e in __snprintf_chk ()
#7  0x0000000100002b22 in control_context_init (output_dir=<value temporarily 
unavailable, due to optimizations>, yyinfname=<value temporarily unavailable, 
due to optimizations>, device=<value temporarily unavailable, due to 
optimizations>, capfname=<value temporarily unavailable, due to optimizations>, 
geoip_data=0x7fff5fbff0e0 "", bpf=0x7fff5fbfefe0 "tcp", flags=1, errbuf=<value 
temporarily unavailable, due to optimizations>) at init.c:203
#8  0x00000001000024ba in main (argc=<value temporarily unavailable, due to 
optimizations>, argv=0x7fff5fbff2b0) at main.c:104