Xplico.org
http://forum.xplico.org/

Upload pcap file generated by Fritzbox
http://forum.xplico.org/viewtopic.php?f=3&t=67
Page 1 of 1

Author:  tom [ Mon Jan 11, 2010 8:50 pm ]
Post subject:  Upload pcap file generated by Fritzbox

I do have an pcap file (ending is .eth) which was generated by my dsl-modem. If I use Wireshark I see the complete network traffic. But if I want to load this file in xplico I only get the start and the end date of the recording (after several minutes of loading). What is wrong? Do I have to convert the eth file first?

Thanks

Author:  gianluca.costa [ Tue Jan 12, 2010 7:59 am ]
Post subject:  Re: Upload pcap file generated by Fritzbox

Hi tom,
if you can post the pcap (even with one flow) in the forum or send it to me (bug[@]xplico.org), I can understand the problem and then help you.

Ciao.
Gianluca

Author:  tom [ Tue Jan 12, 2010 7:51 pm ]
Post subject:  Re: Upload pcap file generated by Fritzbox

Hi Gianluca,

I sent the requested file.

Thank you
TOm

Author:  gianluca.costa [ Wed Jan 13, 2010 6:48 pm ]
Post subject:  Re: Upload pcap file generated by Fritzbox

Hi Tom,
the LLC dissector of Xplico is very (very) simple, and does not handle all cases.
In your pcap the protocol stack is:
Frame -> llc -> ethernet -> pppoe -> ppp -> ip -> ...
The LLC dissector of Xplico was not able to recognize and decode this type of use of llc.
But with a bit of analysis and a bit of code here there is the solution :
Attachment:
llc_new.tgz

The steps are:
  • cd xplico (root source code)
  • tar xzvf llc_new.tgz
  • make clean all
  • sudo cp modules/* /opt/xplico/bin/modules
The last step allows you to avoid installing ( sudo make install ) and then to preserve the data already decoded.

Ciao.
Gianluca

Author:  tom [ Thu Jan 14, 2010 6:39 am ]
Post subject:  Re: Upload pcap file generated by Fritzbox

Good morning Gianluca,

now it works perfect! Thank you very much for the quick help.

Tom

Author:  carlos.gacimartin [ Thu Jan 14, 2010 8:34 am ]
Post subject:  Re: Upload pcap file generated by Fritzbox

Hello Tom,
could you let us use your capture to link it at the wiki, so all the people could use it for tests, demos, etc?
Or, if it has sensible data, could you do another capture and give it to us to upload it at http://wiki.xplico.org/doku.php?id=pcap:pcap ?

Thank you.

Author:  tom [ Fri Jan 15, 2010 4:47 am ]
Post subject:  Re: Upload pcap file generated by Fritzbox

attached the sample pcap file.

Author:  carlos.gacimartin [ Fri Jan 15, 2010 8:47 am ]
Post subject:  Re: Upload pcap file generated by Fritzbox

Thank you Tom :)

Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/