Forums: How To Capture Real Time Traffic Network With Tcpdump And Xpli - Forums

How To Capture Real Time Traffic Network With Tcpdump And Xpli

#1 aliceinwire
  • Group: Members
  • Posts: 5
  • Joined: 19-January 09

Posted 02 November 2009 - 09:06 AM

Sorry for the few posts these days, but I'm working on too many projects at the same time :S

I have tried Xplico today and it works pretty well; it still needs some fixes, but it does the job.

OK, to start you need to install tcpdump and Xplico with your distribution's install command.
For the dependencies:

apt-get install sqlite tcpdump tshark apache2 php5 php5-sqlite build-essential perl zlib1g-dev libpcap-dev libsqlite0-dev libmysqlclient15-dev php5-cli python-all

If you have downloaded the .deb you only have to run:
dpkg -i name.deb

If you have downloaded the source code you have to run, with root permissions:
make install

To install the interface you need Apache with rewrite, php5 and php5-sqlite,
and put the files in your web server root,
usually /var/www/

post_max_size = 100M
upload_max_filesize = 100M

OK, now for the live capture we have to run these commands (and every time you need a new live capture):

cd /opt/xplico/script/db/sqlite2
./create_xplico_db.sh

At this point you only need to go to localhost:9876

http://2.bp.blogspot.com/_Zb07uqFW8vM/Sstdzo7asvI/AAAAAAAAASU/SwibGhmzJ_s/s200/Screenshot-Xplico+..:Pols:..+-+Iceweasel.png

Insert the user and password written at the bottom and insert the capture id.
When you have inserted all the ids
you can run this:

cd /opt/xplico/script
./rt_demo.sh
http://4.bp.blogspot.com/_Zb07uqFW8vM/Sstht6uHacI/AAAAAAAAATE/d7tpizdbJMc/s200/Screenshot-Terminal6.png

(In the source that I downloaded this script is copyrighted; I hope the author can change it to GPL2 because it needs some modifications to the tcpdump command in it.)
Update:
I received a mail from the author about this script in which he said that in the next release it is all GPL!
Thanks for the fast reply :)
http://4.bp.blogspot.com/_Zb07uqFW8vM/SstgU6jrYfI/AAAAAAAAASc/NRikTinQyt0/s200/Screenshot-Xplico+..:Sols:..+-+Iceweasel4.png

At this point it is starting to retrieve network packets and to catalogue them.
You can also start to see the web packets retrieved and other stuff.

http://1.bp.blogspot.com/_Zb07uqFW8vM/SstgjZimN1I/AAAAAAAAASk/az5Xh5hiByA/s200/Screenshot-Xplico+..:Webs:..+-+Iceweasel10.png

http://2.bp.blogspot.com/_Zb07uqFW8vM/Ssthte1fNoI/AAAAAAAAAS8/mC5WCuZ3zEE/s200/Screenshot-Xplico.org+-+View+topic+-+Next+version+0.6+release+date%3F+-+14.png

http://1.bp.blogspot.com/_Zb07uqFW8vM/SsthMrBxgkI/AAAAAAAAASs/xQb0ODKQuYU/s200/Screenshot-Xplico+..:Webs:..+-+11.png

You can also read email

http://3.bp.blogspot.com/_Zb07uqFW8vM/SsthYymSYPI/AAAAAAAAAS0/l3KevlANTMQ/s200/Screenshot-Xplico+..:Emails:..+-+13.png

Protocol Dissectors

Dissector      Status  Note
Ethernet       100%    —
PPP             90%    —
VLAN            95%    —
L2TP            70%    —
IPv4            98%    —
IPv6            98%    —
TCP             95%    —
UDP            100%    —
DNS             80%    —
HTTP           100%    —
SMTP            95%    —
POP             95%    —
IMAP            95%    —
SIP             80%    —
RTP             70%    —
RTCP            60%    —
SDP             70%    —
FTP             90%    —
IPP             90%    —
PJL             90%    —
NNTP            30%    —
MSN             10%    —
IRC             15%    —
YAHOO            0%    —
GTALK            0%    —
EMULE            0%    —
SSL/TLS          0%    with keys
IPsec            0%    with keys
802.11           0%    with keys
MMSE            95%    over HTTP
Linux cooked    95%    SLL
TFTP            90%    —

I want to say thanks to the Xplico Team for this great software :)
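Two checks around the steps above, as an added example that is not part of the post or of Xplico: set_php_upload_limits rewrites the two php.ini limits the post lists (the php.ini path is an assumption, pass your own), and pcap_check tells a classic libpcap capture, the format the interface imports, apart from pcapng or a non-capture file by its first four bytes.

```sh
# Added example, not from the post or from Xplico. Assumes the php.ini path
# is passed in; the key names come from the post (post_max_size,
# upload_max_filesize). pcap_check reads only the 4-byte libpcap magic.

# Set post_max_size and upload_max_filesize in the given php.ini.
# An existing (even commented-out) line for the key is rewritten in place;
# a missing key is appended. $1 = php.ini path, $2 = size (default 100M).
set_php_upload_limits() {
    ini="$1"; size="${2:-100M}"
    for key in post_max_size upload_max_filesize; do
        if grep -q "^[[:space:]]*;*[[:space:]]*${key}[[:space:]]*=" "$ini"; then
            tmp="${ini}.tmp.$$"
            sed "s|^[[:space:]]*;*[[:space:]]*${key}[[:space:]]*=.*|${key} = ${size}|" "$ini" > "$tmp" \
                && mv "$tmp" "$ini"
        else
            printf '%s = %s\n' "$key" "$size" >> "$ini"
        fi
    done
}

# Print the effective (uncommented) value of a php.ini key; the last one wins.
php_ini_get() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" | tail -n 1
}

# Identify a capture file by its libpcap magic before handing it to the web
# interface. Returns 0 for classic pcap (either byte order, usec or nsec
# timestamps) and 1 for pcapng or anything else.
pcap_check() {
    magic=$(od -An -tx1 -N 4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1) echo "pcap little-endian usec"; return 0 ;;
        a1b2c3d4) echo "pcap big-endian usec"; return 0 ;;
        4d3cb2a1) echo "pcap little-endian nsec"; return 0 ;;
        a1b23c4d) echo "pcap big-endian nsec"; return 0 ;;
        0a0d0d0a) echo "pcapng, not classic pcap"; return 1 ;;
        *)        echo "not a pcap file"; return 1 ;;
    esac
}
```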
