Xplico.org
http://forum.xplico.org/

Error Opening File
http://forum.xplico.org/viewtopic.php?f=3&t=574
Page 1 of 1

Author:  jobob [ Mon Jul 17, 2017 2:49 pm ]
Post subject:  Error Opening File

Hi.
I'm running ubuntu 16.04 and I just installed xplico (1.2.0) as per the instructions on the download page, but when I try to run xplico from the command line I run into an "Error Opening File." For example:

Code:
xplico -m rltm -i eth0
xplico v1.2.0
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2017 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Limits not changed
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file
Error Opening file
...


I have run
Code:
sudo chmod -R 777 /opt/xplico

and
Code:
sudo xplico -m rltm -i eth0

thinking that this is a permissions issue, but I get the same output.

I can launch the web interface, but I don't think that xplico is decoding the pcap files properly. Perhaps I am not waiting long enough there (a few minutes)?

Thanks for the help!

P.S. As a side note, I'm trying to use xplico to live (that is, in close to real time) render all html pages transmitted over HTTP on a local area network that will probably not see more than 100 requests a minute. Will xplico even be able to decode the pcap files quickly enough for this?

Author:  gianluca.costa [ Sat Jul 22, 2017 12:56 pm ]
Post subject:  Re: Error Opening File

Hi,
xplico (as application) is running well also with these errors. The errors are not from xplico but from the manipulators that are defined in the configuration file (in your case /opt/xplico/cfg/xplico_cli.cfg). All the manipulators don't find the GeoIP DB in the first two default path and so they give these errors (I have to improve the error message).

Using xplico as application the data extracted are saved on "xdecode" directory therefore you can not visualize the data on the web interface.

About your question 100 connections/min can be decoded by xplico without problem.

Best regards

Author:  jobob [ Mon Jul 24, 2017 8:11 pm ]
Post subject:  Re: Error Opening File

Thanks for replying.

Perhaps that error is not my issue then, but I still am not able to use xplico as I expect that I should be able to.

For example, I have been trying to view the decoded html pages as per the example pcap files (specifically Images in HTTP from http://wiki.xplico.org/doku.php?id=pcap:pcap). When using the web interface I am not able to see any entries in site (or any) part of the case dialog and the following occurs when I run xplico from the command line.

Code:
sudo xplico -m pcap -f xplico.org_sample_capture_images.pcap
xplico v1.2.0
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2017 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Limits changed
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Error Opening file
Manipulator webymsg error
Dispatch to manipulator initialization error


Is there something that I can do to remedy this?

Thanks!

Author:  gianluca.costa [ Tue Jul 25, 2017 4:51 pm ]
Post subject:  Re: Error Opening File

Hi,
if you launch xplico from cli you can not use the web interface, because xplico from cli doesn't put the data decoded in the DB used by the web user interface.
This is the issue.

Can you explain me what is your goal?... in this way I can try to propose you a way to use xplico for your purpose.

Ciao.
Gianluca

Author:  jobob [ Tue Jul 25, 2017 5:20 pm ]
Post subject:  Re: Error Opening File

Hi Gianluca,
I would like to listen to all packet copies forwarded by a router I control and then reconstruct all html files over http such that I can open them with a browser and the elements (images, stylesheets, etc.) of the pages will load as well. I tried to do this with bro, but the reconstructed file names aren't what the html pages expect. This entire process must be automated. I'm trying to display the pages that people request on an open wifi network on a few screens as an installation to inform them about how their information can be used online.

It would be sufficient for me to run the xplico service live and write a script to harvest the decoded files from the sqlite database, but I can't event get the service to work as described in the wiki pages.

For example,
I run
Code:
service xplico start
service xplico status

with the following output
Code:
● xplico.service - Xplico
   Loaded: loaded (/usr/lib/systemd/system/xplico.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-07-25 12:18:25 CDT; 4s ago
  Process: 3719 ExecStart=/opt/xplico/bin/dema -d /opt/xplico -b sqlite (code=exited, status=0/SUCCESS)
 Main PID: 3722 (dema)
   CGroup: /system.slice/xplico.service
           └─3722 /opt/xplico/bin/dema -d /opt/xplico -b sqlite

Jul 25 12:18:25 listen-OptiPlex-9020 systemd[1]: Starting Xplico...
Jul 25 12:18:25 listen-OptiPlex-9020 systemd[1]: xplico.service: PID file /var/run/dema.pid not readable (yet?) after start: No such file or directory
Jul 25 12:18:25 listen-OptiPlex-9020 systemd[1]: Started Xplico.


And, as described above, when I try to even just decode a pcap file, the "site" tab is not populated.

Thanks for the help!

Author:  gianluca.costa [ Sat Jul 29, 2017 8:12 am ]
Post subject:  Re: Error Opening File

Hi jobob,
do you have installed using the deb package or from the source?
Give me the time (I'm very busy), after your response to reproduce the problem and find the bug/solution.

Ciao.
Gianluca

Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/