bugzilla-daemon at netfilter.org
2018-Jan-27 09:53 UTC
[Bug 1218] New: ULOGD PCAP Plugin Missing Ethernet Headers
https://bugzilla.netfilter.org/show_bug.cgi?id=1218
Bug ID: 1218
Summary: ULOGD PCAP Plugin Missing Ethernet Headers
Product: ulogd
Version: SVN (please provide timestamp)
Hardware: All
OS: All
Status: NEW
Severity: blocker
Priority: P5
Component: ulogd
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: djcanadianjeff at gmail.com
With these settings the pcap file is created but missing headers, so I cannot use it
with Wireshark?
[global]
logfile="/var/log/ulogd.log"
loglevel=5
rmem=131071
bufsize=150000
plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
#plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2HBIN.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so"
plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
plugin="/usr/lib/ulogd/ulogd_output_PCAP.so"
#plugin="/usr/lib/ulogd/ulogd_output_MYSQL.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_output_JSON.so"
stack=log1:NFLOG,base1:BASE,pcap1:PCAP
[log1]
group=0
netlink_socket_buffer_size=217088
netlink_socket_buffer_maxsize=1085440
#netlink_qthreshold=1
#netlink_qtimeout=100
[pcap1]
file="/var/log/ulogd.pcap"
sync=1
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2018-Jan-27 09:58 UTC
[Bug 1218] ULOGD PCAP Plugin Missing Ethernet Headers
https://bugzilla.netfilter.org/show_bug.cgi?id=1218
djcanadianjeff at gmail.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
Status    |NEW     |RESOLVED
Resolution|---     |INVALID
--- Comment #1 from djcanadianjeff at gmail.com ---
Never mind, I was doing it wrong.
On my first attempt I tried using GNU DD + NCAT to pipe the pcap into a Wireshark
UDP listener on 5555 and it did not capture the headers properly, but sending
the file to the PC running Wireshark and opening the pcap works.
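A check that can be run on a capture file before and after it is moved between machines, added here as an example and not part of the original report or of ulogd's code: it reads the pcap global header, reports the declared link-layer type (which tells Wireshark whether each packet starts with an Ethernet header or directly with IP), and raises if the header did not survive transport. The function name and the sample bytes are constructed for illustration.

```python
import struct

# Link-layer types from the pcap format: what each captured packet starts with.
LINKTYPES = {1: "Ethernet", 101: "raw IP (no link-layer header)", 113: "Linux cooked"}
# Magic numbers as they appear on disk: microsecond and nanosecond variants.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def inspect_pcap(data: bytes) -> dict:
    """Parse the 24-byte global header and the first record of a pcap file."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header (truncated?)")
    endian = MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("no pcap magic at offset 0 (global header lost?)")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    info = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "linktype_name": LINKTYPES.get(linktype, "other"),
            "first_packet_is_ip": None}
    if len(data) >= 40:
        # Record header: timestamp (2 fields), captured length, original length.
        _sec, _frac, caplen, _origlen = struct.unpack(endian + "IIII", data[24:40])
        packet = data[40:40 + caplen]
        if packet:
            # An IP version nibble of 4 or 6 means no link-layer header precedes it.
            info["first_packet_is_ip"] = (packet[0] >> 4) in (4, 6)
    return info

# Constructed sample: a global header declaring link type 101 followed by one
# record holding a bare 20-byte IPv4 header (checksum left as zero).
_IPV4 = bytes.fromhex("4500001400004000400100007f0000017f000001")
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
          + struct.pack("<IIII", 0, 0, len(_IPV4), len(_IPV4)) + _IPV4)

if __name__ == "__main__":
    print(inspect_pcap(SAMPLE))
```
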