I tried Xplico today and it works pretty well; it still needs some fixes, but it does the job.
To start, install tcpdump and Xplico with your distribution's install command.
For the dependencies:
apt-get install sqlite tcpdump tshark apache2 php5 php5-sqlite build-essential perl zlib1g-dev libpcap-dev libsqlite0-dev libmysqlclient15-dev php5-cli python-all
(in the wiki version the "l" is missing in php5sqlite)
If you downloaded the .deb, you only have to run:
dpkg -i name.deb
If you downloaded the source code, run this with root permission:
make install
To install the interface you need Apache with rewrite, php5 and php5-sqlite.
Put the files in your web server's directory,
usually /var/www/
post_max_size = 100M
upload_max_filesize = 100M
Now, for a live capture, run these commands (and run them again every time you need a new live capture):
cd /opt/xplico/script/db/sqlite2
./create_xplico_db.sh
At this point you only need to go to http://localhost:9876

Enter the user name and password written at the bottom and enter the capture ID.
When you have entered all the IDs,
you can run this:
cd /opt/xplico/script
./rt_demo.sh

(In the source that I downloaded this script is copyrighted; I hope the author can change it to GPL2, because the tcpdump command in it needs some modification.)
Update:
I received a mail from the author about this script, in which he said that in the next release everything is GPL!
Thanks for the fast reply :)

At this point it starts to retrieve network packets and catalogue them.
You can also start to see the retrieved web packets and other stuff.



You can also read email.

Protocols Dissectors
I want to say thanks to the Xplico Team for this great software :)