sudo su -
apt-get install tcpdump tshark apache2 php5 php5-sqlite build-essential perl libzip-dev libpcap-dev libsqlite3-dev php5-cli libapache2-mod-php5 libx11-dev libxt-dev libxaw7-dev python3.2 python3-httplib2 sqlite3 recode sox lame libnet1 libnet1-dev libmysqlclient-dev binfmt-support
mkdir xbuild
cd xbuild
Download Xplico source code from SourceForge
tar zxvf xplico-1.0.x.tgz
wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.8.tar.gz
tar zxvf GeoIP-1.4.8.tar.gz
cd GeoIP-1.4.8
libtoolize -f
./configure
make
cd ..
rm -f *.tar.gz
cd xplico
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gzip -d GeoLiteCity.dat.gz
rm -f *dat.gz
make
cd ..
wget http://mirror.cs.wisc.edu/pub/mirrors/ghost/GPL/ghostpdl/ghostpdl-8.70.tar.bz2
tar jxvf ghostpdl-8.70.tar.bz2
The ghostpcl package contains the pcl6 application, which is required for “network printer job” support.
rm -f *.bz2
cd ghostpdl-8.70
make
Wait for some time
cd ..
cp ghostpdl-8.70/main/obj/pcl6 xplico-0.7.x
rm -rf ghostpdl-8.70
Download videosnarf from http://ucsniff.sourceforge.net/videosnarf.html. Note for 64-bit architectures: some codec libraries are proprietary and are available only for 32-bit architectures. The only solution in this case is this: http://forum.xplico.org/viewtopic.php?p=453#p453
wget http://downloads.sourceforge.net/project/ucsniff/videosnarf/videosnarf-0.63.tar.gz
tar xvzf videosnarf-0.63.tar.gz
cd videosnarf-0.63
./configure
make
cd ..
cp videosnarf-0.63/src/videosnarf xplico-0.7.x
If you want to update your DB without losing your data, the steps to follow are here.
Install Xplico
cd xplico-0.7.x
make install
Copy Apache configuration file
cp /opt/xplico/cfg/apache_xi /etc/apache2/sites-enabled/xplico
Next, add the XI port to Apache's ports file. In /etc/apache2/ports.conf add:
# xplico Host port
NameVirtualHost *:9876
Listen 9876
The directory /opt/xplico/cfg must be readable and writable by the Apache web server.
We must also modify the php.ini file to allow uploads of (pcap) files. Edit /etc/php5/apache2/php.ini.
The lines to modify are:
post_max_size = 100M
upload_max_filesize = 100M
Enable mod_rewrite in Apache:
a2enmod rewrite
And finally restart Apache:
/etc/init.d/apache2 restart
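To confirm the settings above before uploading a capture, the following added example (not part of the original guide or the Xplico project) checks ports.conf, php.ini and the cfg directory. The function names are made up for this example; the port, size limit and paths are the ones this guide uses.

```sh
#!/bin/sh
# Added example (not from the Xplico project): verify the Apache/PHP edits above.
# File paths are arguments, so the checks also run against copies of the files.

# True if an active (uncommented) Listen directive for port $2 exists in file $1.
check_listen() {
    grep -Eq "^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?$2([[:space:]]|\$)" "$1"
}

# Convert a php.ini size such as 100M, 512K or 2G to bytes.
php_size_to_bytes() {
    case "$1" in
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1024 * 1024 )) ;;
        *[Gg]) echo $(( ${1%?} * 1024 * 1024 * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# Print the last active value of key $1 in php.ini file $2 (";" starts a comment).
ini_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# True if post_max_size and upload_max_filesize in file $1 are both >= size $2.
check_php_upload() {
    min=$(php_size_to_bytes "$2")
    for key in post_max_size upload_max_filesize; do
        val=$(ini_value "$key" "$1")
        [ -n "$val" ] || { echo "FAIL $key is not set in $1"; return 1; }
        [ "$(php_size_to_bytes "$val")" -ge "$min" ] || { echo "FAIL $key = $val"; return 1; }
    done
}

# True if directory $1 is readable and writable by the invoking user
# (run the script as the Apache user to test that account).
check_cfg_dir() { [ -d "$1" ] && [ -r "$1" ] && [ -w "$1" ]; }

check_all() {   # $1 = ports.conf, $2 = php.ini, $3 = Xplico cfg directory
    rc=0
    check_listen "$1" 9876 || { echo "FAIL no active Listen 9876 in $1"; rc=1; }
    check_php_upload "$2" 100M || rc=1
    check_cfg_dir "$3" || { echo "FAIL $3 is not read/write for this user"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

if [ "$#" -eq 3 ]; then check_all "$1" "$2" "$3"; fi
```

Run it with the three paths as arguments: /etc/apache2/ports.conf, /etc/php5/apache2/php.ini and /opt/xplico/cfg. A Listen directive that ended up on the same line as the "# xplico Host port" comment is reported as missing, because Apache treats the whole line as a comment.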
Run Xplico with web interface:
/opt/xplico/script/sqlite_demo.sh
Successfully installed on:
If you have problems building (on Ubuntu), try upgrading Ubuntu and building again.
apt-get update
apt-get dist-upgrade
General errors and solutions:
http://forum.xplico.org/viewtopic.php?f=3&t=2
Fix for ghostpdl-8.70 if not building: (http://bugs.ghostscript.com/show_bug.cgi?id=692443)
make clean
make XCFLAGS=-DHAVE_SYS_TIME_H=1
Fix for videosnarf-0.63 if not building:
make
(if there are errors here, do the following)
cd /xbuild/videosnarf-0.63/src
ln -s /usr/lib/i386-linux-gnu/libpcap.so /lib/libpcap.so
g++ -g -O2 -o videosnarf main.o stream.o videosnarf.o h264rtp.o g722_decode.o g726_decoder.o g729_decoder.o g723_decoder.o ../codec-lib/libG729a.a ../codec-lib/libG7231.a ../codec-lib/libG726.a -L /usr/lib/i386-linux-gnu/ -lpcap
Error when running “make install”
Error:
/bin/sh: ./create_xplico_db.sh: not found
make[1]: *** [install] Error 127
make[1]: Leaving directory `/xbuild/xplico-1.0.0.r1.0/system'
make: *** [installcp] Error 2
Fix: The error is most likely due to Windows newline format. You will see "^M" characters in the file when viewing it in Unix. Install tofrodos (sudo aptitude install tofrodos) and run dos2unix to fix this:
dos2unix system/db/sqlite3/create_xplico_db.sh
dos2unix system/db/sqlite3/helloworlds.sql
dos2unix l7-patterns/helloworld.pat
Potential fix if things are not getting decoded fully:
Disable checksum verification:
./xplico -c config/xplico_cli_nc.cfg -m pcap -f file.pcap