no data

Joined: Thu Jul 19, 2012 5:59 pm
Posts: 9
Post no data
Hello,

I'm new at using XPlico and having several problems; I hope that you can help me resolve them.
I'm running it on Ubuntu desktop 12.04; the version of XPlico is 7.1

1) When I start up XPlico using the following commands
/opt/xplico/script/sqlite_demo.sh
create a new session in the web interface and activate it on wlan0 or eth0, both ways tested
execute netsniff-ng -i wlan0 or (eth0) --out /opt/xplico/pol_1/sol_1 --silent --jumbo-support --interval 300

Generating traffic by other clients, I see no pcap files appearing; also there is no information displayed in any way. Only the traffic generated on the host itself is coming in.
Waited for about 20 min to see if any information is coming through.
Have downloaded a sample pcap and imported it; this information is displayed.

What am I doing wrong?

2) How can I create a correct pcap file that can be imported in XPlico?
My clients are W7, Vista, iPod, NAS.

Been trying to make pcap files on both interfaces, wlan and eth, but no luck.
Can you please give me the right syntax?

Syntax I did use: netsniff-ng -i wlan0 or (eth0) --out test.pcap --silent --jumbo-support

Can someone help :?:

Rgds,

John


Sat Jul 21, 2012 8:40 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: no data
Hi John,
Quote:
I'm running it on Ubuntu desktop 12.04; the version of XPlico is 7.1

Why do you not use 1.0.0?

Quote:
1) When I start up XPlico using the following commands
/opt/xplico/script/sqlite_demo.sh
create a new session in the web interface and activate it on wlan0 or eth0, both ways tested
execute netsniff-ng -i wlan0 or (eth0) --out /opt/xplico/pol_1/sol_1 --silent --jumbo-support --interval 300

Some questions to understand what happens:
1a) Have you created a new case with "Uploading PCAP capture file/s" as "DATA ACQUISITION", or is your case type "Live acquisition"? If the answer is: my case type is "Live acquisition", then this is an error. With netsniff-ng, Xplico (case) must be configured as "Uploading PCAP capture file/s".
1b) After you have created a new case and a new session, is there a new dir named pol_XX in /opt/xplico? If not, then you must use Xplico 1.0.0 for Ubuntu 12.04.

If the answers to 1a and 1b are ok, continue.

Quote:
2) How can I create a correct pcap file that can be imported in XPlico?

tshark, Wireshark, tcpdump and netsniff-ng are all good tools to capture the network traffic and all produce pcap files usable by Xplico.
Quote:
Been trying to make pcap files on both interfaces, wlan and eth, but no luck.
Can you please give me the right syntax?

Have you tried to capture the traffic with tcpdump or Wireshark and see if these tools capture something?

Quote:
Can you please give me the right syntax?
Syntax I did use: netsniff-ng -i wlan0 or (eth0) --out test.pcap --silent --jumbo-support

It is ok, I used it and I could see test.pcap packets. Remember to disable the checksum check on Xplico; in some cases (network cards - Linux dd) there may be (TCP) packets with a checksum error, but these packets have no error, so you must disable the checksum check on Xplico (login as admin:xplico).

Ciao.
Gianluca


Sun Jul 22, 2012 7:49 am

Joined: Thu Jul 19, 2012 5:59 pm
Posts: 9
Post Re: no data
Hello

Here are the answers to your questions.

Did try to install 1.0.0 but I received an error for now. 07.1 I knew would install.

Indeed I had the Live acquisition configuration.
Had a test setup with uploading pcap files.

The difference is that I see pcap files appearing in the /pol_1/sol_1 dir now, but still there is no data displayed.
netsniff-ng -i eth0 --out /opt/xplico/pol_1/sol_1 --jumbo-support --interval 300

For this moment I used the following command to create a pcap file
tshark -i eth0 -b filesize:3096 -w cap.pcap
I will include the pcap file, also a file that I found in the sol_1 dir.
Can you take a look at them? Maybe you see something.

I did put the checksum check off.

thanks so far.




Sun Jul 22, 2012 2:46 pm
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: no data
Quote:
Did try to install 1.0.0 but I received an error for now. 07.1 I knew would install.

What is the error when you install 1.0.0? If you help us, we can fix the installation bug.

Ok, I found the problem: my error in the example of netsniff-ng usage.
You must set up the Xplico case as "Uploading PCAP capture file/s", and the netsniff-ng command must be:
Code:
sudo netsniff-ng -i eth0 --out /opt/xplico/pol_1/sol_1/new --silent --jumbo-support --interval 300


Your pcap files are ok, but you must disable the checksum check in Xplico.

Ciao.
Gianluca


Mon Jul 23, 2012 7:35 am

Joined: Thu Jul 19, 2012 5:59 pm
Posts: 9
Post Re: no data
Hello,

The error I received started at the first part, installing GeoIP-1.4.8. After the command libtoolize -f I got the message that I had to install libtool; after I did that everything went wrong.

This morning did a fresh install of 1.0.0, ignoring the libtool message, and the installation went fine, but I wasn't able to load and preview the test pcap files.
So went back again to 7.1; till the preview part everything is fine. Data looks ok, sound from the SIP files is ok; this way I should be able that the installation is ok.

Now comes.

I think I'm almost there :roll:

When I look up sites on the localhost it works ok: I see the pcap files appearing in the sol_?/new dir, then they are moved to decode, and data is readable in the XI, just what I looked up.

Now the problem that is left over.

When I take a client I still see pcap files created in the sol_?/new dir and being moved to decode.
At that part comes the error message ERROR: incorrect capture file filename.pcap

Complete information about setup:

Ubuntu desktop 32 bits 12.04 LTS
Fully updated through apt-get update and apt-get upgrade
Installed the classic desktop theme
Installed gtk-recordmydesktop
Installed mc
Installed cmake

XPlico is installed following the howto for 0.7.1. http://wiki.xplico.org/doku.php?id=tutorial:0.7.0
For the compilation of videosnarf and ghostpdl I had to follow the Troubleshooting guide.

Hope you can help me resolve the last part.

Rgds,

John


Mon Jul 23, 2012 11:32 am

Joined: Thu Jul 19, 2012 5:59 pm
Posts: 9
Post Re: no data
Some extra info that maybe is essential to know.
I do not log in as a user which requires the sudo command. I log in directly as root.
Both XPlico and netsniff-ng are started as root.


Mon Jul 23, 2012 7:28 pm

Joined: Thu Jul 19, 2012 5:59 pm
Posts: 9
Post Re: no data
Great application, works as it is supposed to work. :lol:
Great support from the XPLICO team, these guys know what they are doing. :D

Only problem I still have is with netsniff-ng:
the pcap files which are created are causing an error during the import.
So if anyone has the same error or has a solution, let me know.

I would appreciate it.

Rgds,

John

To the XPLICO team keep up the good work.


Fri Jul 27, 2012 9:54 am

Joined: Thu Jul 19, 2012 5:59 pm
Posts: 9
Post Re: no data
Possible solution to this error with netsniff-ng

When I take a client I still see pcap files created in the sol_?/new dir and being moved to decode.
At that part comes the error message ERROR: incorrect capture file filename.pcap

Just add the -c option to sudo netsniff-ng -i eth0 --out /opt/xplico/pol_1/sol_1/new --silent --jumbo-support --interval 300

It could be an I/O issue, at least that was the case with me.

Now all works fine


Fri Jul 27, 2012 1:30 pm
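A diagnostic for the "incorrect capture file" error discussed in this thread, added here as an example (it is not from the posters or from the Xplico project): it walks a classic pcap file record by record and reports whether the file is complete or was cut off mid-write. The function names `check_pcap` and `build_sample` are hypothetical, and the sample capture is constructed; that the error stems from an incomplete file is the poster's guess, which this check only helps confirm or rule out.

```python
import struct

# First four bytes on disk -> struct byte-order prefix for classic pcap.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}


def check_pcap(data):
    """Return (ok, packets, reason) for a classic pcap byte string."""
    if len(data) < 24:
        return (False, 0, "truncated global header")
    if data[:4] == b"\x0a\x0d\x0d\x0a":
        return (False, 0, "pcapng file, not classic pcap")
    endian = MAGICS.get(data[:4])
    if endian is None:
        return (False, 0, "unknown magic number")
    offset, packets = 24, 0
    while offset < len(data):
        if len(data) - offset < 16:
            return (False, packets, "truncated record header")
        # Record header: ts_sec, ts_frac, incl_len, orig_len (4 bytes each).
        incl_len, orig_len = struct.unpack_from(endian + "II", data, offset + 8)
        if incl_len > orig_len:
            return (False, packets, "corrupt record length")
        if len(data) - offset - 16 < incl_len:
            return (False, packets, "truncated packet data")
        offset += 16 + incl_len
        packets += 1
    return (True, packets, "complete")


def build_sample(payloads):
    """Constructed sample: little-endian pcap, Ethernet link type, dummy payloads."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", 1343000000 + i, 0, len(p), len(p)) + p
    return out


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_pcap(fh.read()))
```

Run it against the files that end up in the session's decode directory; a "truncated" result means the file was picked up before the capture tool finished writing it.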