View unanswered posts | View active topics It is currently Mon Dec 10, 2018 1:42 am



Post new topic Reply to topic  [ 9 posts ] 
 httpfd parse 
Author Message

Joined: Sat Mar 31, 2012 9:29 am
Posts: 10
Reply with quote
Post httpfd parse
I have a pcap package (file download,file name:"next4.rar"), but no parse out!
help,thanks


Mon Nov 19, 2012 2:01 am
Profile

Joined: Sat Mar 31, 2012 9:29 am
Posts: 10
Reply with quote
Post Re: httpfd parse
attachment how to go?


error:"The extension cap is not allowed."


Mon Nov 19, 2012 2:06 am
Profile

Joined: Sat Mar 31, 2012 9:29 am
Posts: 10
Reply with quote
Post Re: httpfd parse
Give me your e-mail address, I send the pcap file to you.thanks


Mon Nov 19, 2012 2:15 am
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Reply with quote
Post Re: httpfd parse
Hi,
you can try now to post your pcap, or you can send us the pcap at bug@xplico.org


Mon Nov 19, 2012 1:13 pm
Profile WWW

Joined: Sat Mar 31, 2012 9:29 am
Posts: 10
Reply with quote
Post Re: httpfd parse
ok,attachment of "next4_rar.cap"


You do not have the required permissions to view the files attached to this post.


Mon Nov 19, 2012 2:38 pm
Profile

Joined: Sat Mar 31, 2012 9:29 am
Posts: 10
Reply with quote
Post Re: httpfd parse
hi
I use the version is:1.0.0 and 1.0.1.

thanks


Tue Nov 20, 2012 8:15 am
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Reply with quote
Post Re: httpfd parse
Hi,
I tested your pcap with the last version of Xplico and for me it is all ok.
Your pcap is decoded by the http dissector. The httpfd dissector and manipulator are specific for files (in general for http contents) downloaded with many HTTP requests-responces. In your case the rar file is donwload with only one HTTP request, then httpfd does nothing.

Ciao.
Gianluca


Tue Nov 20, 2012 4:06 pm
Profile WWW

Joined: Sat Mar 31, 2012 9:29 am
Posts: 10
Reply with quote
Post Re: httpfd parse
hi,
In your pcap file(xplico.org_sample_capture_protocols_supported_in_0.6.3.pcap),the file download of "pop.mp3",only one HTTP request,but httpfd parse,why?

In addition, httpfd can processing real-time(rltm_pol)? I test the real-time parsing failed to download file.

thanks


Wed Nov 21, 2012 2:33 am
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Reply with quote
Post Re: httpfd parse
Quote:
In your pcap file(xplico.org_sample_capture_protocols_supported_in_0.6.3.pcap),the file download of "pop.mp3",only one HTTP request,but httpfd parse,why?

It depends by how the HTTP response is made. In some condictions (ie repsonce header) xplico (httpfd) assumes the possibility of a download with many HTTP requests, also if, at the end, the download will be done with only one HTTP.

Quote:
In addition, httpfd can processing real-time(rltm_pol)? I test the real-time parsing failed to download file.

Yes, it can do. I remember you: http://www.xplico.org/archives/944

Ciao.
Gianluca


Wed Nov 21, 2012 8:24 am
Profile WWW
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by Vjacheslav Trushkin for Free Forums/DivisionCore.