Completed IPP (Internet Printing Protocol) and PJL (Printer Job Language) dissectors. These dissectors convert the traffic network printers in pdf file format. Thanks to MT-Lab for the idea.

This pdf file is an example of reconstruciton (from Wireshark ipp.pcap).

Added in screenshot page new images. Some of this images are present in Deft4.
A particular example of decoding is this pcap (Wireshark SampleCaptures) that contains an FTP/TCP/IPv6 stream over IPv4. The IPv4 connections are among three separate addresses. Simple, but interesting capture file. Released sources code of Xplico v0.1-Deft3x (see download). The Xplico improvements that will be in Deft4 are:

• Access to every HTTP message: request header and body; response header and body. Therefore, it will be viewed the request body of the POST.
• Viewing YouTube video or any video transited in HTTP with content-type "video/flv" extracted from pcap file.
• Browsing all images transported in HTTP (with ImageFlow).
• Improvement of displaying Web pages extracted from pcap file.

You can find a demo of Xplico v0.1 in Deft 3x distribution.

Remember to run xplico-start from the Terminal for launch the tool.

This Demo supports SMTP, POP and HTTP protocols (obviously Ethernet, IP and TCP).
<

Copyright © 2007-2008 Gianluca Costa & Andrea De Franceschi.
All rights reserved.