View Issue Details

ID: 0005129
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2019-08-19 15:36
Reporter: Mister_X
Assigned To: sbrun
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 2018.4
Fixed in Version: 2019.3
Summary: 0005129: xplico 1.2.1 example error opening files and ndpi issues
Description

When running the example on tools.kali.org, xplico -m rltm -i eth0, it throws a lot of errors on the screen and doesn't seem to do anything.

xplico v1.2.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2017 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Limits changed
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
Download GeoLiteCity.dat from http://geolite.maxmind.com/download/geoip/database/ and gunzip and see config files
Error Opening file
Error Opening file /opt/xplico/GeoLiteCity.dat
Error Opening file GeoIP.dat
^C

The GeoIP issues can be fixed by running the following commands:
cd /opt/xplico
./geolite_update.sh

There are still issues after that and the output looks like:

xplico v1.2.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2017 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Limits changed
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Error Opening file
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
[NDPI] ndpi_init_protocol_defaults(missing protoId=226) INTERNAL ERROR: not all protocols have been initialized
Error Opening file
Error Opening file
Error Opening file
GeoIP Database found!
Error Opening file
^C

To reproduce:
apt install xplico
xplico -m rltm -i eth0

Activities

sbrun

2018-12-05 14:13

manager   ~0010076

I quickly checked xplico:

  1. Yes, the GeoIP database is not shipped in the package, so we have to download it with the script geolite_update.sh. It's documented in README.Debian; maybe we can document it better.

  2. The message about the NDPI issue is harmless (it comes from ndpi, not xplico) and it will disappear with the new ndpi version
    (See https://github.com/ntop/nDPI/issues/377).

  3. It seems that the messages " Error Opening file" are generated by tests in xplico while searching for the GeoIP database. Even when the database exists
    we have these messages. I think it's confusing, but as you got the message "GeoIP Database found!", xplico should work normally.
    According to the README.md (/usr/share/dox/xplico/README.md), the command "xplico -m rltm -i eth0" is to decode eth0 in realtime.
    To break acquisition: ^C. At the end of decoding, files are in xdecode/ (should be in the current directory).
    Could you check if you have decoding files in xdecode?

sbrun

2019-08-19 15:36

manager   ~0010907

New version 1.2.2-0kali2:
We added a more explicit message about the missing databases and how to download them.
The " Error Opening file " and NDPI warnings have been removed.

Issue History

Date Modified Username Field Change
2018-11-29 22:43 Mister_X New Issue
2018-12-05 14:13 sbrun Assigned To => sbrun
2018-12-05 14:13 sbrun Status new => feedback
2018-12-05 14:13 sbrun Note Added: 0010076
2019-08-19 15:36 sbrun Status feedback => resolved
2019-08-19 15:36 sbrun Resolution open => fixed
2019-08-19 15:36 sbrun Fixed in Version => 2019.3
2019-08-19 15:36 sbrun Note Added: 0010907