Archive for the “DEFT” Category

May 10 2010

Xplico 0.5.7: VoIP tapping and phone numbers

Posted by: Gianluca C. in DEFT, Dissectors, Improvements, News, Release

This release introduces improvements in the SIP and RTP dissectors.
In this version was also added the RTCP dissector, with this dissector Xplico is able to obtain the phone numbers of the caller and called party (obviously only if present in the RTCP packets).

DEFT 5.1 Live distribution contains this version.

You can download source code and Ubuntu 10.04 package here.

Enjoy ;) .

Comments Comments Off

Nov 15 2009

Xplico version 0.5.3 and DEFT Vx5

Posted by: Gianluca C. in Binary, DEFT, Dissectors, Improvements, News, Release, Visualization

You can find this release in DEFT Vx5 Linux distribution.
You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.

This version of Xplico introduce many new features:

xi_dns_2

  • snoop Packet Capture File Format as input file
  • DNS dissector with graphical representation in Xplico Interface (XI)
  • NNTP dissector
  • PPPOE dissector
  • direct live acquisition from XI
  • new dispatcher named CLI: this dispatcher organize the data extracted in a tree as this:

    xdecode/<ip_src_1>/http
    xdecode/<ip_src_1>/mail/
    xdecode/<ip_src_1>/nntp
    xdecode/<ip_src_1>/ftp
    xdecode/<ip_src_1>/...
    xdecode/<ip_src_2>/http
    xdecode/<ip_src_2>/mail/
    xdecode/<ip_src_2>/nntp
    xdecode/<ip_src_2>/ftp
    xdecode/<ip_src_2>/...
  • default  CLI dispatcher in command line execution
  • file extension for the HTTP contents

We have to thank:

Enjoy ;) .

Comments Comments Off

Nov 22 2008

DEFT 4 console-mode

Posted by: Gianluca C. in DEFT

With DEFT4, without run X (deft-gui), you can capture and decode ethernet traffic in this way:
Read the rest of this entry »

Comments Comments Off

Nov 15 2008

DEFT 4

Posted by: Gianluca C. in DEFT, News

DEFT4 has arrived! In this release, there are many new features.
The novelty of Xplico in Def4 are:

  • console-mode Xplico execution
  • acquisition and processing in realtime (in console-mode)
  • access to every HTTP message. You can examine:
    • request header and body
    • response header and body
    • Therefore it will be viewed the request body of the POST
  • Internet Printing Protocol (IPP) and Printer Job Language (PJL) dissectors. With these dissecors you can view, in PDF format, the pages printed with printers that use PCL5E, PCL5C, and PCL6 formats (for example HP LaserJet 2300dn, HP LaserJet 4). Other formats (ex: Zenographics ZJ-stream) are in development
  • viewing any video transited in HTTP with content-type “video/flv” extracted from pcap file (ex: YouTube video)
  • browsing all images transported in HTTP
  • improvement of displaying Web pages extracted from pcap file

Remember to run xplico-start from the Terminal and then launch Firefox with URL: http://localhost

Comments Comments Off

BerliOS Logo Get xplico at SourceForge.net. Fast, secure and Free Open Source software downloads