View Issue Details

ID: 0005129
Project: Kali Linux
Category: [All Projects] Kali Package Bug
View Status: public
Last Update: 2018-12-05 14:13
Reporter: Mister_X
Assigned To: sbrun
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: feedback
Resolution: open
Product Version: 2018.4
Target Version:
Fixed in Version:

Summary: 0005129: xplico 1.2.1 example error opening files and ndpi issues

Description:
When running the example on tools.kali.org, xplico -m rltm -i eth0, it throws a lot of errors on the screen and doesn't seem to do anything.

xplico v1.2.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2017 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Limits changed
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
Download GeoLiteCity.dat from http://geolite.maxmind.com/download/geoip/database/ and gunzip and see config files
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
^C

The GeoIP issues can be fixed by running the following commands:
cd /opt/xplico
./geolite_update.sh

There are still issues after that and the output looks like:

xplico v1.2.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2017 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Limits changed
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Error Opening file
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
Error Opening file
Error Opening file
Error Opening file
GeoIP Database found!
Error Opening file
^C


To reproduce:
apt install xplico
xplico -m rltm -i eth0

Activities

sbrun

2018-12-05 14:13

manager   ~0010076

I quickly checked xplico:

1. Yes, the GeoIP database is not shipped in the package so we have to download it with the script geolite_update.sh. It's documented in README.Debian, maybe we can document it better.

2. The message about the NDPI issue is harmless (it comes from ndpi, not xplico) and it will disappear with the new ndpi version (see https://github.com/ntop/nDPI/issues/377).

3. It seems that the messages "Error Opening file" are generated by tests in xplico while searching the GeoIP database. Even when the database exists we have these messages. I think it's confusing but as you got the message "GeoIP Database found!", xplico should work normally.
According to the README.md (/usr/share/dox/xplico/README.md) the command "xplico -m rltm -i eth0" is to decode eth0 in realtime.
To break acquisition: ^C. At the end of decoding, files are in xdecode/ (should be in the current directory).
Could you check if you have decoding files in xdecode?
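
Added example, not part of the issue report or of xplico: a shell function that triages captured xplico startup output according to the three points in the note above, separating named database paths that could not be opened from the bare "Error Opening file" probe messages and the nDPI warning. The function name, the verdict strings and the sample lines (constructed from the two outputs quoted in the report) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the issue or from xplico); sample lines are constructed.

# Read xplico startup output on stdin and print a one-line summary.
xplico_triage() {
    awk '
        # Bare message: emitted while probing for the GeoIP database,
        # even when the database exists (note 0010076, point 3).
        /^Error Opening file *$/ { anon++; next }
        # Message naming a file: that database path could not be opened.
        /^Error Opening file /   { sub(/^Error Opening file /, ""); missing[$0]++; next }
        # nDPI initialisation warning, harmless per note 0010076, point 2.
        /^\[NDPI\] .*missing protoId=/ { ndpi++; next }
        /^GeoIP Database found!/ { found = 1; next }
        END {
            for (p in missing) paths++          # count distinct paths only
            if (found)          verdict = "geoip-ok"
            else if (paths > 0) verdict = "geoip-missing"
            else                verdict = "geoip-unknown"
            printf "%s bare_errors=%d missing_paths=%d ndpi_warnings=%d\n",
                   verdict, anon, paths, ndpi
        }
    '
}

sample_before() {   # constructed: before running geolite_update.sh
    cat <<'EOF'
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
EOF
}

sample_after() {    # constructed: after running geolite_update.sh
    cat <<'EOF'
Error Opening file
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
Error Opening file
GeoIP Database found!
Error Opening file
EOF
}

sample_before | xplico_triage
sample_after  | xplico_triage
```

A "geoip-ok" verdict only says the database was located; whether the capture decoded anything is still answered by checking xdecode/ as asked above.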

Issue History

Date Modified Username Field Change
2018-11-29 22:43 Mister_X New Issue
2018-12-05 14:13 sbrun Assigned To => sbrun
2018-12-05 14:13 sbrun Status new => feedback
2018-12-05 14:13 sbrun Note Added: 0010076