This is the first experiment in using the Flare library.

Thanks to Raffael Marty for his help with Flare.

This representation lists all dissectors together with their dependency relationships.


This release introduces the IMAP dissector. With this dissector it is possible to reconstruct the e-mails transported by the IMAP protocol. The web interface is the same as in the last version.

Any bug reports or suggestions are welcome.

You can find the source code here.


An example of the effectiveness of SniffJoke is given by this pcap. It is easy to verify that Wireshark and other tools insert the traffic generated by SniffJoke into the reconstructed data, making the reconstruction wrong.
Try this pcap… with your best tool.


Released the source code of Xplico DEFT4 (see download).


With DEFT4, without running X (deft-gui), you can capture and decode Ethernet traffic in this way:
Read the rest of this entry »


DEFT4 has arrived! In this release, there are many new features.
The new features of Xplico in DEFT4 are:

  • console-mode Xplico execution
  • acquisition and processing in realtime (in console-mode)
  • access to every HTTP message. You can examine:
    • request header and body
    • response header and body
    • the request body of a POST can therefore be viewed
  • Internet Printing Protocol (IPP) and Printer Job Language (PJL) dissectors. With these dissectors you can view, in PDF format, the pages printed with printers that use the PCL5E, PCL5C, and PCL6 formats (for example HP LaserJet 2300dn, HP LaserJet 4). Other formats (e.g. Zenographics ZJ-stream) are in development
  • viewing any video transferred over HTTP with content-type “video/flv” extracted from a pcap file (e.g. YouTube video)
  • browsing all images transported in HTTP
  • improved display of Web pages extracted from a pcap file

Remember to run xplico-start from the Terminal and then launch Firefox with URL: http://localhost


… just to start


At present, Xplico is unable to withstand sniffer evasion tools that manipulate the TTL (IP Time To Live). In version 0.6, Xplico will no longer be affected by this type of attack.
A good sniffer evasion tool is SniffJoke. SniffJoke prevents Xplico from reconstructing the traffic … and not only Xplico ;) .
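
A defensive sketch of the problem described above, added here as an example and not taken from Xplico or SniffJoke. It assumes the evasion inserts decoy TCP segments whose IP TTL is too low to reach the receiver, and that genuine segments of a flow share a stable TTL; the segment tuples, function names and tolerance value are constructed for illustration.

```python
from collections import Counter

# Constructed sample: (tcp_seq, ip_ttl, payload) for one direction of one flow,
# as seen by a sniffer close to the sender. TTL 61 is the genuine path value;
# the TTL 2 segments are decoys that would expire before reaching the receiver.
CAPTURED = [
    (1000, 61, b"GET /inv"),
    (1008, 2,  b"XXXXXXXX"),    # decoy occupying the next sequence range
    (1008, 61, b"oice.pdf"),
    (1016, 2,  b"YYYYYYYYY"),   # second decoy
    (1016, 61, b" HTTP/1.1"),
]

def reassemble(segments):
    """First-segment-wins reassembly by sequence number, with no TTL check."""
    stream, expected = b"", None
    # sorted() is stable, so segments with equal seq keep their capture order
    for seq, _ttl, data in sorted(segments, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        if seq == expected:     # a later segment for the same range is ignored
            stream += data
            expected += len(data)
    return stream

def split_by_ttl(segments, tolerance=1):
    """Split a flow into (trusted, suspicious) around its most common TTL.

    Assumption: genuine segments dominate the flow. If decoys outnumber them,
    the modal TTL is no longer a safe baseline and another reference is needed.
    """
    baseline = Counter(ttl for _seq, ttl, _data in segments).most_common(1)[0][0]
    trusted = [s for s in segments if abs(s[1] - baseline) <= tolerance]
    suspicious = [s for s in segments if abs(s[1] - baseline) > tolerance]
    return trusted, suspicious

if __name__ == "__main__":
    print("naive     :", reassemble(CAPTURED))
    trusted, suspicious = split_by_ttl(CAPTURED)
    print("ttl-aware :", reassemble(trusted))
    for seq, ttl, data in suspicious:
        print(f"flagged   : seq={seq} ttl={ttl} len={len(data)}")
```

Flagged segments are worth keeping in the case record rather than discarding silently, since their presence is itself evidence that an evasion tool was in use.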


Completed the IPP (Internet Printing Protocol) and PJL (Printer Job Language) dissectors. These dissectors convert network printer traffic into PDF files. Thanks to MT-Lab for the idea.
This PDF file is an example of reconstruction (from Wireshark ipp.pcap).


Released the source code of Xplico Deft3 (see download).

