Write to pcap don't rotate and it was impossible to write into a pipe about ssldump HOT 7 CLOSED

Hi, Not working: $ /usr/local/sbin/ssldump PCAP: socket: Socket type not supported ERROR: Aborting $ /usr/local/sbin/ssldump -v ssldump 1.4 Maintained by a bunch of volunteers, see https://github.com/adulau/ssldump/blob/master/CREDITS Copyright (C) 2015-2021 the aforementioned volunteers Copyright (C) 1998-2001 RTFM, Inc. All rights reserved. Compiled with OpenSSL: decryption enabled $ /usr/local/sbin/ssldump port 636 PCAP: socket: Socket type not supported ERROR: Aborting From: wllm-rbnt ***@***.***> Sent: Friday, 18 June, 2021 17:37 To: adulau/ssldump ***@***.***> Cc: De Luca Michele ***@***.***>; Author ***@***.***> Subject: Re: [adulau/ssldump] Write to pcap don't rotate and it was impossible to write into a pipe (#55) Hi, Here is a quick fix that adds FIFO support for PCAP output: ***@***.***<wllm-rbnt@4a6fcb5> Can you give it a try ? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#55 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABIKM23QXY4UJHNTY6WMDBDTTNR2XANCNFSM463RQICQ>.

Hi, I try into our system that was RHEL 7.9 but there was some incompatible library version: ./ssldump: /lib64/libssl.so.1.1: version `OPENSSL_1_1_0' not found (required by ./ssldump) ./ssldump: /lib64/libcrypto.so.1.1: version `OPENSSL_1_1_0' not found (required by ./ssldump) libpcap.so.0.8 => not found libjson-c.so.4 => not found it was possible to compile into rhel 7.9 (centos 7.9)? From: wllm-rbnt ***@***.***> Sent: Friday, 25 June, 2021 09:03 To: adulau/ssldump ***@***.***> Cc: De Luca Michele ***@***.***>; Author ***@***.***> Subject: Re: [adulau/ssldump] Write to pcap don't rotate and it was impossible to write into a pipe (#55) Hi, I can't reproduce the error you reported. Here is how I test my patch (on Debian Buster): $ git clone -b dev https://github.com/wllm-rbnt/ssldump.git $ cd ssldump $ ./autogen.sh $ ./configure $ make $ mkfifo test.pcap; sudo ./ssldump -n -i any -w test.pcap In a second terminal, I run: $ sudo tcpdump -n -r test.pcap I have the session decoding on the first terminal, and the flow of packets on the second one. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#55 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABIKM2YWXT5LUEVCE2PLKQDTUQS3TANCNFSM463RQICQ>.

HI, Because on RHEL 7 there was a version of ssldump (1.13b) compiled with the openssl version 1.0.2 do you think is possible to modify some configuration on build system to adopt this version? From: wllm-rbnt ***@***.***> Sent: Friday, 25 June, 2021 18:03 To: adulau/ssldump ***@***.***> Cc: De Luca Michele ***@***.***>; Author ***@***.***> Subject: Re: [adulau/ssldump] Write to pcap don't rotate and it was impossible to write into a pipe (#55) Here is a recipe to build it on RHEL/Centos 7.9. You will need a recent version of openssl. I've never tested it on this version of the distro, you might encounter bugs at runtime. $ sudo yum install git autoconf automake gcc make libpcap-devel libnet-devel json-c-devel tmux wget $ wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz $ tar xvfz openssl-1.1.1k.tar.gz $ cd openssl-1.1.1k $ ./config $ make $ make install $ cd .. $ echo "/usr/local/lib64" | sudo tee /etc/ld.so.conf.d/openssl.conf $ sudo ldconfig $ git clone -b dev https://github.com/wllm-rbnt/ssldump.git $ cd ssldump $ ./autogen.sh $ ./configure CPPFLAGS="-D_BSD_SOURCE=1" $ make $ sudo ./ssldump -n -i eth0 — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#55 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABIKM2ZXD7WGIDT2IOL7QA3TUSSCJANCNFSM463RQICQ>.