Open Source Network Forensic Analysis Tool (NFAT) 


DEFT 4 console-mode

With DEFT4, you can capture and decode Ethernet traffic without running X (deft-gui), as follows:

Open the /xplico/cfg/xplico.cfg file and modify: LOG=FEWITDS LOG=FEWITDS


And finally:

mkdir decode
cd decode
/xplico/bin/xplico -c /xplico/cfg/xplico.cfg -m rltm -i eth0

All the decoded data is stored in the http, ipp, pjl, pop and smtp directories.

For more details: console-mode