Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

Freeware & Evaluations

Reply

Cannot replay capture file
JLeveillee
Adviser
Posts: 63

‎03-13-2015 06:19 AM

9027     0

Installed the test environment for DNS FW.  I have done a packet capture via the Grid Manager on a DNS server.  When I upload the traffic capture file and run it in the test environment I get an error message.  Any suggestion on how to fix this issue?  I also tried to upload the syslog I downloaded via Grid Manager and that did not work, either!

 

--- 2015-03-02 13:56:01 ---

Check Testbed:

Grid Master connection for DNSFW is OK

Reporting member connection is OK

DNS service is OK

NTP service is OK

Reporting service is OK

RPZ feed is synchronized

 

--- 2015-03-02 14:08:33 ---

File traffic.cap has been successfully uploaded

 

--- 2015-03-02 14:08:55 ---

Play PCAP file 'traffic.cap' with DNS IP 7.7.7.7:

Filtering pcap file...

reading from file /opt/uploads/packet_captures/traffic.cap, link-type LINUX_SLL (Linux cooked)

Rewriting dst ip/mac of packets in pcap file...

 

Fatal Error in tcpedit.c:tcpedit_packet() line 114:

From ./plugins/dlt_linuxsll/linuxsll.c:dlt_linuxsll_encode() line 219:

DLT_LINUX_SLL plugin does not support packet encoding

Error rewriting dst ip/mac

Reply
0 Kudos

Hi Jerry,
ems
Guru
Posts: 26

‎03-17-2015 10:12 AM

9028     0

Hi Jerry,

Thank you for posting your question.  I've reached out to a few people internally that should be responding shortly.  Feel free to reach out directly if needed to: erics @ infoblox (dot) com

Best,

Eric

 

Reply
0 Kudos

Hi Jerry, Spoke with one of our folks who recommended doi...
ems
Guru
Posts: 26

‎03-18-2015 03:33 PM

9028     0

 

Hi Jerry,

Spoke with one of our folks who recommended doing the following.  Please let us know if this resolved the issue for you.

1.  Convert the pcap file from LINUX_SLL to EN10MB format using tcprewrite:

tcprewrite --dlt=enet --infile=<input-pcapfile> --outfile=<output-pcapfile>

 

Then you should be able to upload the converted pcap file to the GuideVM and retry the playback.

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community