View unanswered posts | View active topics It is currently Wed Nov 14, 2018 1:52 pm



Post new topic Reply to topic  [ 8 posts ] 
 Upload pcap file generated by Fritzbox 
Author Message

Joined: Mon Jan 11, 2010 8:27 pm
Posts: 4
Reply with quote
Post Upload pcap file generated by Fritzbox
I do have an pcap file (ending is .eth) which was generated by my dsl-modem. If I use Wireshark I see the complete network traffic. But if I want to load this file in xplico I only get the start and the end date of the recording (after several minutes of loading). What is wrong? Do I have to convert the eth file first?

Thanks


Mon Jan 11, 2010 8:50 pm
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Reply with quote
Post Re: Upload pcap file generated by Fritzbox
Hi tom,
if you can post the pcap (even with one flow) in the forum or send it to me (bug[@]xplico.org), I can understand the problem and then help you.

Ciao.
Gianluca


Tue Jan 12, 2010 7:59 am
Profile WWW

Joined: Mon Jan 11, 2010 8:27 pm
Posts: 4
Reply with quote
Post Re: Upload pcap file generated by Fritzbox
Hi Gianluca,

I sent the requested file.

Thank you
TOm


Tue Jan 12, 2010 7:51 pm
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Reply with quote
Post Re: Upload pcap file generated by Fritzbox
Hi Tom,
the LLC dissector of Xplico is very (very) simple, and does not handle all cases.
In your pcap the protocol stack is:
Frame -> llc -> ethernet -> pppoe -> ppp -> ip -> ...
The LLC dissector of Xplico was not able to recognize and decode this type of use of llc.
But with a bit of analysis and a bit of code here there is the solution :
Attachment:
llc_new.tgz

The steps are:
  • cd xplico (root source code)
  • tar xzvf llc_new.tgz
  • make clean all
  • sudo cp modules/* /opt/xplico/bin/modules
The last step allows you to avoid installing ( sudo make install ) and then to preserve the data already decoded.

Ciao.
Gianluca


You do not have the required permissions to view the files attached to this post.


Wed Jan 13, 2010 6:48 pm
Profile WWW

Joined: Mon Jan 11, 2010 8:27 pm
Posts: 4
Reply with quote
Post Re: Upload pcap file generated by Fritzbox
Good morning Gianluca,

now it works perfect! Thank you very much for the quick help.

Tom


Thu Jan 14, 2010 6:39 am
Profile

Joined: Wed Sep 16, 2009 10:45 pm
Posts: 128
Reply with quote
Post Re: Upload pcap file generated by Fritzbox
Hello Tom,
could you let us use your capture to link it at the wiki, so all the people could use it for tests, demos, etc?
Or, if it has sensible data, could you do another capture and give it to us to upload it at http://wiki.xplico.org/doku.php?id=pcap:pcap ?

Thank you.


Thu Jan 14, 2010 8:34 am
Profile

Joined: Mon Jan 11, 2010 8:27 pm
Posts: 4
Reply with quote
Post Re: Upload pcap file generated by Fritzbox
attached the sample pcap file.


Fri Jan 15, 2010 4:47 am
Profile

Joined: Wed Sep 16, 2009 10:45 pm
Posts: 128
Reply with quote
Post Re: Upload pcap file generated by Fritzbox
Thank you Tom :)


Fri Jan 15, 2010 8:47 am
Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by Vjacheslav Trushkin for Free Forums/DivisionCore.