Known working distro/version?

[jzablot]

Hi, is there a recommended Linux distro and version polymorph is known to work against?

I have tried with CentOS 7 as well as via LudwigEnglbrecht's docker image, but always hit issues.

Definitely there is some dependency on specific version of tshark: if I use tshark 2.6, I hit the 'int' object is not subscritable issue seen at #20 (comment).

I am also wondering if there is dependency on specific version of libnetfilter_queue-devel?

With CentOS 7, tshark 2.2, workaround mentioned in #8, I still hit issues when trying to capture from localhost:

PH > capture -i lo
[+] Waiting for packets...

(Press Ctr-C to exit)

^C[ERROR] Parsing field: eth.dst
[ERROR] Parsing field: eth.src
[ERROR] Parsing field: eth.type
[ERROR] Parsing field: ip.version
[ERROR] Parsing field: ip.hdr_len
[ERROR] Parsing field: ip.dsfield
[ERROR] Parsing field: ip.len
[ERROR] Parsing field: ip.id
[ERROR] Parsing field: ip.flags
[ERROR] Parsing field: ip.frag_offset
[ERROR] Parsing field: ip.ttl
[ERROR] Parsing field: ip.proto
[ERROR] Parsing field: ip.checksum
[ERROR] Parsing field: ip.src
[ERROR] Parsing field: ip.addr
[ERROR] Parsing field: ip.src_host
[ERROR] Parsing field: ip.host
[ERROR] Parsing field: ip.dst
[ERROR] Parsing field: ip.dst_host
[ERROR] Parsing field: icmp.type
[ERROR] Parsing field: icmp.code
[ERROR] Parsing field: icmp.checksum
[ERROR] Parsing field: icmp.ident
[ERROR] Parsing field: icmp.seq
[ERROR] Parsing field: icmp.seq_le
[ERROR] Parsing field: icmp.data_time
[ERROR] Parsing field: icmp.data_time_relative
[ERROR] Parsing field: data

Thanks in advance. This looks like a super useful utility!