Hi, is there a recommended Linux distro and version polymorph is known to work against?
I have tried with CentOS 7 as well as via LudwigEnglbrecht's docker image, but always hit issues.
Definitely there is some dependency on a specific version of tshark: if I use tshark 2.6, I hit the `'int' object is not subscriptable` issue seen at #20 (comment).
I am also wondering if there is a dependency on a specific version of libnetfilter_queue-devel?
With CentOS 7, tshark 2.2 and the workaround mentioned in #8, I still hit issues when trying to capture from localhost:
```
PH > capture -i lo
[+] Waiting for packets...(Press Ctr-C to exit)
^C[ERROR] Parsing field: eth.dst
[ERROR] Parsing field: eth.src
[ERROR] Parsing field: eth.type
[ERROR] Parsing field: ip.version
[ERROR] Parsing field: ip.hdr_len
[ERROR] Parsing field: ip.dsfield
[ERROR] Parsing field: ip.len
[ERROR] Parsing field: ip.id
[ERROR] Parsing field: ip.flags
[ERROR] Parsing field: ip.frag_offset
[ERROR] Parsing field: ip.ttl
[ERROR] Parsing field: ip.proto
[ERROR] Parsing field: ip.checksum
[ERROR] Parsing field: ip.src
[ERROR] Parsing field: ip.addr
[ERROR] Parsing field: ip.src_host
[ERROR] Parsing field: ip.host
[ERROR] Parsing field: ip.dst
[ERROR] Parsing field: ip.dst_host
[ERROR] Parsing field: icmp.type
[ERROR] Parsing field: icmp.code
[ERROR] Parsing field: icmp.checksum
[ERROR] Parsing field: icmp.ident
[ERROR] Parsing field: icmp.seq
[ERROR] Parsing field: icmp.seq_le
[ERROR] Parsing field: icmp.data_time
[ERROR] Parsing field: icmp.data_time_relative
[ERROR] Parsing field: data
```
Thanks in advance. This looks like a super useful utility!
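The two problems reported above, a hard dependency on a particular tshark version and field parsing that fails outright when the output shape is not what the code expects, are the kind of thing a small diagnostic script can pin down before filing or triaging an issue. The following is an added example and is not code from the polymorph project: it reads the version banner that `tshark -v` prints, and it extracts named fields from `tshark -T json` style packet records while tolerating a field value that arrives as a scalar instead of a list (the shape difference that typically shows up as `'int' object is not subscriptable`). Missing fields are reported in a list rather than raised one at a time. The sample packet records are constructed here to resemble tshark's JSON export; the integer-valued variant is an assumed shape used to exercise the tolerant path, not a claim about what any specific tshark release emits.

```python
import re
import subprocess
from typing import Any, Dict, List, Optional, Tuple

# First line of `tshark -v` looks like "TShark (Wireshark) 2.6.2 (...)".
_VERSION_RE = re.compile(r"TShark \(Wireshark\) (\d+)\.(\d+)\.(\d+)")


def parse_tshark_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from the `tshark -v` banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def installed_tshark_version() -> Optional[Tuple[int, int, int]]:
    """Run `tshark -v` if tshark is on PATH; return None when it is not installed."""
    try:
        proc = subprocess.run(["tshark", "-v"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return parse_tshark_version(proc.stdout)


def field_values(layer: Dict[str, Any], name: str) -> List[str]:
    """Return all values of `name` in one decoded layer as a list of strings.

    Accepts a list, a string, or a bare number. Indexing a number as if it
    were a list is what produces "'int' object is not subscriptable".
    """
    value = layer.get(name)
    if value is None:
        return []
    if isinstance(value, list):
        return [str(v) for v in value]
    return [str(value)]


def extract_fields(packet: Dict[str, Any], wanted: List[str]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Collect `wanted` fields from a `tshark -T json` packet record.

    The layer is taken from the field prefix ("ip.ttl" lives in the "ip" layer).
    Returns (found, missing); missing fields never raise.
    """
    layers = packet.get("_source", {}).get("layers", {})
    found: Dict[str, List[str]] = {}
    missing: List[str] = []
    for name in wanted:
        layer_name = name.split(".", 1)[0]
        values = field_values(layers.get(layer_name, {}), name)
        if values:
            found[name] = values
        else:
            missing.append(name)
    return found, missing


# Constructed sample records (not captured output). The first uses the
# list/string shape of tshark's JSON export; the second is an assumed variant
# where a numeric field arrives as a bare int and the eth layer is absent.
SAMPLE_LIST_SHAPE = {
    "_source": {
        "layers": {
            "eth": {"eth.dst": ["00:00:00:00:00:00"], "eth.src": ["00:00:00:00:00:00"]},
            "ip": {"ip.version": ["4"], "ip.ttl": ["64"], "ip.src": ["127.0.0.1"]},
        }
    }
}
SAMPLE_SCALAR_SHAPE = {
    "_source": {
        "layers": {
            "ip": {"ip.version": 4, "ip.ttl": 64, "ip.src": "127.0.0.1"},
        }
    }
}

WANTED = ["eth.dst", "eth.src", "ip.version", "ip.ttl", "ip.src"]

if __name__ == "__main__":
    print("tshark version:", installed_tshark_version())
    for label, pkt in (("list shape", SAMPLE_LIST_SHAPE), ("scalar shape", SAMPLE_SCALAR_SHAPE)):
        found, missing = extract_fields(pkt, WANTED)
        print(label, "found:", found)
        print(label, "missing:", missing)
```

Running the script on a box with tshark installed prints the detected version tuple, which can then be compared against whatever version the project documents as supported; the two constructed records show that the same field list parses in both shapes, with only the genuinely absent `eth.*` fields reported as missing for the second record.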