Network Traffic Analysis Tools

From Hack Sphere Labs Wiki
Revision as of 08:38, 2 April 2013 by Webdawg (talk | contribs) (Created page with "=tcpxtract= *http://taosecurity.blogspot.com/2006/01/network-forensic-traffic.html =chaosreader= *http://www.blackbytes.info/2012/01/four-ways-to-extract-files-from-pcaps/ =...")


tcpxtract

  • http://taosecurity.blogspot.com/2006/01/network-forensic-traffic.html

chaosreader

  • http://www.blackbytes.info/2012/01/four-ways-to-extract-files-from-pcaps/

wireshark

xplico

Install

yaourt xplico
sudo nano /etc/php/php.ini
  • Enable also:
extension=pdo_sqlite.so
  • Configure httpd
sudo nano -w /etc/httpd/conf/httpd.conf
  • Add this to the end:
Include conf/extra/httpd-xplico.conf
  • Restart/Start apache
sudo systemctl start httpd

or

sudo systemctl restart httpd 


Notes

  • Test php config:
php -v

You are using a newer PHP version. In PHP 5.4, E_STRICT is part of E_ALL.

In Cake 1.3, open the file /cake/bootstrap.php and change the error_reporting like this:

   error_reporting(E_ALL & ~E_STRICT & ~E_DEPRECATED);
Note: the web interface works, but it will not accept uploaded files.
Note: the command-line tools seem to work, though with many errors.

I can get the software to start and load the web interface; it seems like everything is running, but I cannot get it to accept uploaded pcap files. If you use the command-line utilities to import the data, it seems to work fine.

For starting Xplico, please choose one of these options as root:

  • a) If you are using the Ubuntu/Debian package, run: "/etc/init.d/xplico start"
  • b) Run: "/opt/xplico/script/sqlite_demo.sh"


dsniff


Notes

editcap -c 100000 packetcapture.cap split.pcap
split ?
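The editcap line above cuts a large capture into 100000-packet pieces before analysis. As an added example (not from this wiki page and not Wireshark's own code), here is a small Python splitter that does the same job by parsing the libpcap file format itself, so the global header and per-record headers that editcap relies on are visible. It handles both byte orders and the nanosecond-timestamp magic, rejects pcapng and truncated files instead of writing a damaged piece, and repeats the global header in every output file so each piece opens on its own. The sample capture, the output naming and all function names are my own and are constructed for the example.

```python
"""Split a libpcap capture into files of N packets, like `editcap -c N in out`.

Added example (not from the wiki page or from the Wireshark project): the
splitter parses the pcap global and per-record headers itself. Supports the
classic pcap format only (not pcapng), either byte order, microsecond or
nanosecond timestamps.
"""
import struct
import sys
from pathlib import Path

GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_usec/nsec, incl_len, orig_len
MAX_SNAPLEN = 262144  # libpcap's MAXIMUM_SNAPLEN; a larger incl_len means corruption


def _endianness(magic: bytes) -> str:
    """Return the struct byte-order prefix implied by the pcap magic number."""
    value = struct.unpack("<I", magic)[0]
    if value in (0xA1B2C3D4, 0xA1B23C4D):   # file written little-endian
        return "<"
    if value in (0xD4C3B2A1, 0x4D3CB2A1):   # file written big-endian
        return ">"
    raise ValueError("not a libpcap file (pcapng and other formats are not supported)")


def iter_records(data: bytes):
    """Yield each raw packet record (16-byte header + captured bytes) in order.

    Raises ValueError on a truncated or implausible record rather than
    silently emitting a damaged packet into a piece handed to another tool.
    """
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("truncated global header")
    endian = _endianness(data[:4])
    offset = GLOBAL_HDR_LEN
    while offset < len(data):
        if offset + RECORD_HDR_LEN > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        if incl_len > MAX_SNAPLEN:
            raise ValueError(f"implausible incl_len {incl_len} at offset {offset}")
        end = offset + RECORD_HDR_LEN + incl_len
        if end > len(data):
            raise ValueError(f"truncated packet data at offset {offset}")
        yield data[offset:end]
        offset = end


def split_pcap(data: bytes, packets_per_file: int) -> list[bytes]:
    """Return the capture as a list of complete pcap files holding at most
    packets_per_file records each; every piece repeats the global header."""
    if packets_per_file < 1:
        raise ValueError("packets_per_file must be positive")
    header = data[:GLOBAL_HDR_LEN]
    pieces, current = [], []
    for record in iter_records(data):
        current.append(record)
        if len(current) == packets_per_file:
            pieces.append(header + b"".join(current))
            current = []
    if current:
        pieces.append(header + b"".join(current))
    return pieces


def count_packets(data: bytes) -> int:
    """Number of records in a capture (raises ValueError if it is damaged)."""
    return sum(1 for _ in iter_records(data))


def is_valid_pcap(data: bytes) -> bool:
    """True if every record parses cleanly to the end of the file."""
    try:
        count_packets(data)
        return True
    except ValueError:
        return False


def build_sample_pcap(n_packets: int, endian: str = "<") -> bytes:
    """Constructed test capture: Ethernet linktype, n dummy packets of growing size."""
    header = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = []
    for i in range(n_packets):
        payload = bytes([i % 256]) * (60 + i)
        rec_hdr = struct.pack(endian + "IIII", 1_000_000 + i, i, len(payload), len(payload))
        records.append(rec_hdr + payload)
    return header + b"".join(records)


if __name__ == "__main__":
    # usage: python split_pcap.py packetcapture.cap split 100000
    # writes split_00000.pcap, split_00001.pcap, ... (naming is this script's own)
    src, prefix, per_file = sys.argv[1], sys.argv[2], int(sys.argv[3])
    for n, piece in enumerate(split_pcap(Path(src).read_bytes(), per_file)):
        Path(f"{prefix}_{n:05d}.pcap").write_bytes(piece)
```

The validation is deliberately strict: a capture whose last record is cut off (a common result of a crashed capture process or a copy that stopped early) is refused outright, because a silently shortened final piece is exactly the kind of thing that gets overlooked in a later analysis pass.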
