Government Security
Network Security Resources

How To Capture Real-Time Network Traffic With Tcpdump And Xplico


#1 aliceinwire

Posted 02 November 2009 - 09:06 AM

Sorry for the few posts these days, but I'm working on too many projects at the same time :S

I have tried Xplico today and it works pretty well; it still needs some fixes, but it does the job.

OK, to start you need to install Tcpdump and Xplico with your distribution's install command.
For the dependencies:

apt-get install sqlite tcpdump tshark apache2 php5 php5-sqlite build-essential perl zlib1g-dev libpcap-dev libsqlite0-dev libmysqlclient15-dev php5-cli python-all

If you have downloaded the .deb you only have to run
dpkg -i name.deb

If you have downloaded the source code you have to run, with root permissions,
make install

To install the interface you need Apache with rewrite, php5 and php5-sqlite,
and put the files in your web server root,
usually /var/www/

post_max_size = 100M
upload_max_filesize = 100M

OK, now for the live capture we have to run these commands (and every time you need a new live capture):

cd /opt/xplico/script/db/sqlite2
./create_xplico_db.sh

At this point you only need to go to localhost:9876




Insert the user and password written at the bottom and insert the capture id.
When you have inserted all the ids, you can run this:

cd /opt/xplico/script
./rt_demo.sh





(In the source that I have downloaded this script is copyrighted; I hope the author can change it to GPL2 because it needs some modifications to the tcpdump command in it.)

Update:
I received a mail from the author about this script, in which he said that in the next release it is all GPL!
Thanks for the fast reply :)




At this point it is starting to retrieve network packets and catalogue them.
You can also start to see the web packets retrieved and other stuff.

You can also read email.



Protocol Dissectors

Dissector       Status   Note
Ethernet        100%     —
PPP              90%     —
VLAN             95%     —
L2TP             70%     —
IPv4             98%     —
IPv6             98%     —
TCP              95%     —
UDP             100%     —
DNS              80%     —
HTTP            100%     —
SMTP             95%     —
POP              95%     —
IMAP             95%     —
SIP              80%     —
RTP              70%     —
RTCP             60%     —
SDP              70%     —
FTP              90%     —
IPP              90%     —
PJL              90%     —
NNTP             30%     —
MSN              10%     —
IRC              15%     —
YAHOO             0%     —
GTALK             0%     —
EMULE             0%     —
SSL/TLS           0%     with keys
IPsec             0%     with keys
802.11            0%     with keys
MMSE             95%     over HTTP
Linux cooked     95%     SLL
TFTP             90%     —

I want to say thanks to the Xplico Team for this great software :)
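As an added example (not code from the post above, and not the Xplico project's own rt_demo.sh, which the post says needs its tcpdump command adjusted), here is a small shell helper for the two steps in the procedure that are easy to get wrong: checking that the php.ini upload limits really are at least the 100M the post sets before trying to upload a pcap to the web interface, and starting a tcpdump live capture with full snaplen, file rotation and a privilege drop so the capture does not run as root longer than it has to. The php.ini path /etc/php5/apache2/php.ini, the output directory, the 100 MB x 20 rotation, the `nobody` user and the filter that excludes the admin host's SSH session are all assumptions for illustration, not Xplico settings.

```shell
#!/bin/sh
# Added example, not from the original post or the Xplico project.
# Checks the php.ini upload limits needed to upload pcaps to the Xplico web
# interface, then starts a tcpdump live capture suitable for feeding dissectors.
# Assumptions: Debian php5 ini path, "nobody" as the unprivileged user, and
# 100 MB x 20 rotating capture files.

PHP_INI=${PHP_INI:-/etc/php5/apache2/php.ini}   # assumed path
NEED_BYTES=$((100 * 1024 * 1024))                # 100M, as set in the post

# Convert a php.ini size value (8M, 100M, 2G, 512K, or plain bytes) to bytes.
ini_to_bytes() {
    v=$1
    [ -n "$v" ] || return 1
    num=${v%[KkMmGg]}
    unit=${v#"$num"}
    case $unit in
        [Kk]) echo $((num * 1024)) ;;
        [Mm]) echo $((num * 1024 * 1024)) ;;
        [Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        "")   echo "$num" ;;
        *)    echo "unknown size unit in '$v'" >&2; return 1 ;;
    esac
}

# Print the value of directive $2 in ini file $1 (last uncommented assignment
# wins, as in PHP); prints nothing if the directive is unset.
ini_get() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 |
        cut -d= -f2 | tr -d ' \t\r'
}

# Succeed only if post_max_size and upload_max_filesize are both at least $2
# bytes and post_max_size >= upload_max_filesize: PHP rejects a file larger
# than post_max_size even when upload_max_filesize would allow it.
check_php_limits() {
    ini=$1; need=$2
    post=$(ini_to_bytes "$(ini_get "$ini" post_max_size)") || return 1
    up=$(ini_to_bytes "$(ini_get "$ini" upload_max_filesize)") || return 1
    [ "$post" -ge "$need" ] && [ "$up" -ge "$need" ] && [ "$post" -ge "$up" ]
}

# Live capture: -s 0 keeps full payloads (HTTP/SMTP/POP dissectors need them),
# -C/-W rotate through 20 files of ~100 MB so a long capture cannot fill the
# disk, -Z drops root to nobody once the interface is open (so the output
# directory must be writable by nobody), and the BPF filter keeps our own
# SSH session out of the capture.
run_capture() {
    iface=$1; outdir=$2; admin_ip=$3
    mkdir -p "$outdir" && chown nobody "$outdir"
    exec tcpdump -i "$iface" -nn -s 0 -U -C 100 -W 20 -Z nobody \
        -w "$outdir/live.pcap" "not (host $admin_ip and port 22)"
}

main() {
    [ "$#" -eq 3 ] || { echo "usage: $0 <iface> <outdir> <admin_ip>" >&2; exit 2; }
    if ! check_php_limits "$PHP_INI" "$NEED_BYTES"; then
        echo "upload limits in $PHP_INI are below 100M; fix them before uploading pcaps" >&2
        exit 1
    fi
    [ "$(id -u)" -eq 0 ] || { echo "run as root: tcpdump needs it to open $1" >&2; exit 1; }
    run_capture "$@"
}

# Run only when invoked as a script named live_capture.sh; sourcing the file
# just defines the functions for reuse.
case $0 in */live_capture.sh|live_capture.sh) main "$@" ;; esac
```

Save it as live_capture.sh and run `sudo ./live_capture.sh eth0 /var/spool/xplico 10.0.0.5` (interface, output directory and admin IP are yours to choose). The rotated files under the output directory can then be uploaded to the Xplico interface, which is why the php.ini limits are checked first.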




