Bugtraq mailing list archives
tcpdump under RedHat 6.1
From: deraison () CVS NESSUS ORG (Renaud Deraison)
Date: Sat, 9 Oct 1999 10:32:47 +0200
RedHat 6.1 comes bundled with a modified version of tcpdump, which has the ability to listen on all the interfaces at once, which is nice. However, the output format has changed. Whereas a typical tcpdump line was:

    time source.port > dest.port:[.....]

It is now:

    time interface > source.port > dest.port:[....]

or

    time interface < source.port > dest.port:[....]

If you explicitly ask tcpdump to listen on one interface, the output will be:

    time > source.port > dest.port:[....]

or

    time < source.port > dest.port:[....]

Also, the 'port' is no longer a numeric value. It is taken from /etc/services, even with the -n option set.

This new behavior will make a lot of programs that use tcpdump's output panic or produce bogus output. I think shadow is affected, but it's not the only one.

I have been looking through the man page, and I could not find an option to issue a backward compatible output. What is worse is that tcpdump --version will show the same version number (3.4) as the older tcpdumps, so this problem will only be detected at runtime.

So, if you have written your own custom scripts or if some of the programs you use are relying on tcpdump, then install the tcpdump that comes bundled with RH 6.0, or modify your scripts so that they can handle this modification.

-- Renaud

(apologies if this was already known)

--
Renaud Deraison
The Nessus Project
http://www.nessus.org
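As an added example (not part of the original post, and not code from tcpdump or Red Hat), here is one way a script could accept every line layout listed in the message and normalise it back to the old `time source.port > dest.port:` form. The function names, the `SERVICES` table and the sample lines are constructed for illustration; the sketch assumes IPv4 TCP/UDP lines with numeric addresses.

```python
import re

# Constructed subset of /etc/services for this example; extend as needed.
SERVICES = {"telnet": 23, "smtp": 25, "domain": 53, "www": 80}

# time [interface] [< or >] source.port > dest.port: rest
# The interface and direction marker are optional, so the old layout,
# the all-interfaces layout and the single-interface layout all match.
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+"
    r"(?:(?:(?P<iface>[^\s<>]+)\s+)?(?P<dir>[<>])\s+)?"
    r"(?P<src>[^\s:]+)\s+>\s+(?P<dst>[^\s:]+):\s*(?P<rest>.*)$"
)

def split_endpoint(endpoint):
    """Split 'host.port'; map a service name back to its port number."""
    host, _, port = endpoint.rpartition(".")
    if port.isdigit():
        return host, int(port)
    # Names missing from the table are kept as-is rather than guessed.
    return host, SERVICES.get(port, port)

def parse(line):
    """Return the fields of one tcpdump line, whichever layout it uses."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("unrecognised tcpdump line: %r" % line)
    # iface is None without an interface column; direction is None
    # for the old layout, which has no leading < or > marker.
    return {"time": m.group("time"), "iface": m.group("iface"),
            "direction": m.group("dir"), "rest": m.group("rest"),
            "src": split_endpoint(m.group("src")),
            "dst": split_endpoint(m.group("dst"))}

def to_old_format(line):
    """Rewrite a line as 'time source.port > dest.port: rest'."""
    p = parse(line)
    return "%s %s.%s > %s.%s: %s" % (
        p["time"], p["src"][0], p["src"][1],
        p["dst"][0], p["dst"][1], p["rest"])

# Constructed sample lines, one per layout described in the message.
SAMPLES = [
    "10:32:47.100000 192.168.1.2.1025 > 192.168.1.1.23: S 1:1(0) win 512",
    "10:32:47.100000 eth0 > 192.168.1.2.1025 > 192.168.1.1.telnet: S 1:1(0) win 512",
    "10:32:47.100000 eth0 < 192.168.1.2.1025 > 192.168.1.1.telnet: S 1:1(0) win 512",
    "10:32:47.100000 > 192.168.1.2.1025 > 192.168.1.1.telnet: S 1:1(0) win 512",
]
```

Because the version string does not distinguish the two builds, a script using this approach should treat a `ValueError` from `parse` as a hard failure rather than silently skipping the line.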