http://wiki.xplico.org/ Wed, 08 Sep 2010 03:52:36 -0700 FeedCreator 1.7.2-ppt DokuWiki http://wiki.xplico.org/lib/images/favicon.ico http://wiki.xplico.org/ http://wiki.xplico.org/doku.php?id=api Xplico API This section contains docstrings that could be used in source code (Doxygen), so they should just rest here temporarily until they are included in the source code (so HTML API documentation could be generated automatically, instead of being on a page like this). Mon, 23 Aug 2010 12:07:26 -0700 http://wiki.xplico.org/doku.php?id=architecture Xplico System is composed from four macro-components: * a Decoder Manager called Dema * an IP/network decoder called Xplico * a set of applications called Manipulators for the manipulation of decoded data * a visualization system to view data extracted Mon, 23 Aug 2010 11:10:48 -0700 http://wiki.xplico.org/doku.php?id=building Xplico use source code, libraries, database and applications of other projects, some of those are inside Xplico code but other no, therefore to build Xplico (system) with all features it is necessary download (compile/install) these software: * Xplico source code: SorceForge or BerliOS * GeoIP C API version 1.4.6: GeoIP C API (Optional ) * GeoLite City database : MaxMind (Optional ) * GhostPCL last version: GhostPCL (Optional ) * Videosnarf last version: Videosnarf (Optional ) Tue, 10 Aug 2010 01:41:53 -0700 http://wiki.xplico.org/doku.php?id=configs The configuration file of Xplico defines: * the dissectors to use * the log level for each dissector * the directory to put all temporary files * the name of log file * the dispatcher to use * the connections with manipulators The default path locations of configurations files are: Tue, 10 Nov 2009 10:02:17 -0700 http://wiki.xplico.org/doku.php?id=console_mode We describe here only console-mode modality, if you use Web interface then you have to see Web Interface page. Xplico in console-mode permit you to decode a single pcap file, directory of pcap files or decode in real-time from an ethernet interface (eth0, eth1, …). To select the input type you have to use '-m' option. The '-m' option permit you to load a particular xplico capture interface (Capture modules). Sat, 14 Nov 2009 01:53:48 -0700 http://wiki.xplico.org/doku.php?id=decoder Xplico as network decoder is designed to be used either stand-alone or within architecture. The main characteristics of the decoder are its high modularity, scalability and configurability. The decoder has been designed so that the decoding of the protocol had to be disconnected from the formatting of data (raw) input, and also the format used for data output (reconstruction). Fri, 06 Aug 2010 16:36:27 -0700 http://wiki.xplico.org/doku.php?id=dema The Dema has the following duties: * organize the input data * set the configuration, history files for the decoder and the manipulators * launch decoder and manipulators * control the execution of decoder and manipulators Sat, 17 Oct 2009 08:41:04 -0700 http://wiki.xplico.org/doku.php?id=doing_a_deb_package For creating a .deb package for Xplico, follow these instructions: 1º) Download the source code #wget http://developer.berlios.de/project/showfiles.php?group_id=8919 (Choose i.e. xplico-0.5.4.tgz or later) 2º) Untar it # tar xvfz xplico-0.5.4.tgz # cd xplico Mon, 26 Oct 2009 04:55:11 -0700 http://wiki.xplico.org/doku.php?id=faq 1º) Xplico's sniffer is a new sniffer using pcap or are you using tshark or tcpdump? Xplico is written from scratch, it does not use tshark or tcpdump. And not born as sniffer. It makes no sense to use it live mode. 2º) Is there anyway to save at the same time the decoded traffic and in PCAP format? No directly. In Xplico the packets can not be copied and sent to two separate dissector (structural constraint). For decoding in real time the module is rltm (-m rltm), but it possible to lose pa… Tue, 02 Mar 2010 21:56:50 -0700 http://wiki.xplico.org/doku.php?id=interface The Xplico Interface is developed in PHP and it is based to CakePHP framework. This interface can use or SQLite database or MySQL database, at the moment only SQLite dispatcher is completed and tested in Xplico decoder. Source Code You can obtain the last source code from one of this site: Wed, 23 Dec 2009 01:35:07 -0700 http://wiki.xplico.org/doku.php?id=modules Xplico reads in traffic data (capture modules), dissects information from this data according to protocols (dissector modules), and then dispatches the information to a desired output destination (dispatcher modules). Every part of the decoder is a plugin and then a module. In Xplico (decoder), we distinguish between three types of modules: Wed, 18 Aug 2010 09:24:48 -0700 http://wiki.xplico.org/doku.php?id=tips_tricks If you have GB or TB of data to be decoded then the steps are these (obviously after you install Xplico and XI): sudo su cd /opt/xplico rm -rf pol_* rm xplico.db cd /opt/xplico/script/db/sqlite2 ./create_xplico_db.sh with XI create ONLY one case and inside this case ONLY one session. Now run DEMA (decoding manager): Sun, 17 Jan 2010 14:37:53 -0700 http://wiki.xplico.org/doku.php?id=tutorial Xplico 0.5.6 and 0.5.7 and 0.5.8 * Step by Step Xplico Installation Xplico 0.5.5 * Step by Step Xplico Installation Xplico 0.5.3 and 0.5.4 * Step by Step Xplico Installation Xplico 0.5.2 * Step by Step Xplico Installation Tue, 29 Jun 2010 05:52:26 -0700 http://wiki.xplico.org/doku.php?id=web_interface With this interface it is possible to create new case, introduce new capture file, view all data extracted by the decoder. First we have to log in: [Login page] the default user is deft and the password is xplico. The Case At this point we have to create a new case. In Xplico the case coincides with listening point (capture point in the network), this because the Xplico system (decoding manager, decoder, manipulators, ...) try to correlate the data extracted, to: Tue, 10 Nov 2009 23:22:57 -0700 http://wiki.xplico.org/doku.php?id=xplico This is the wiki site of Xplico Network Forensic Analysis Tool (NFAT). This application is still under heavy development, so it is possible that you will encounter a bug while using it. Don't hesitate to report bugs to bug[@]xplico.org and/or use the forum. Every feature requests and comments are well come. Mon, 23 Aug 2010 11:23:12 -0700