Open Source Network Forensic Analysis Tool (NFAT) 


DEFT 4 console-mode

With DEFT 4, without running X (deft-gui), you can capture and decode Ethernet traffic as follows:

open the /xplico/cfg/xplico.cfg file and change these two lines:

#MODULE=dis_pcapf.so LOG=FEWITDS

DISPATCH=disp_deft.so LOG=FEWITDS

to:

MODULE=dis_pcapf.so LOG=FEWITDS

DISPATCH=disp_none.so LOG=FEWITDS

(the first change enables the dis_pcapf.so module, the second replaces the DEFT dispatcher with disp_none.so).

And finally:

mkdir decode
cd decode
/xplico/bin/xplico -c /xplico/cfg/xplico.cfg -m rltm -i eth0

All decoded data are stored in the http, ipp, pjl, pop and smtp directories under the decode directory.
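The procedure above, scripted so the configuration change is backed up and verified before the capture starts. This is an added example, not a script from the Xplico project or the original post; the config path, binary path and decode directory are taken from the post, and the function names are my own.

```shell
#!/bin/sh
# Added example (not part of Xplico or the original post): apply the console-mode
# configuration described above and start a real-time capture.

# Rewrite the two directives: uncomment MODULE=dis_pcapf.so and replace the
# DEFT dispatcher with disp_none.so. A backup copy is kept next to the file.
enable_console_mode() {
    cfg="$1"
    [ -f "$cfg" ] || { echo "config not found: $cfg" >&2; return 1; }
    cp "$cfg" "$cfg.bak"
    sed -e 's/^#[[:space:]]*MODULE=dis_pcapf\.so/MODULE=dis_pcapf.so/' \
        -e 's/^DISPATCH=disp_deft\.so/DISPATCH=disp_none.so/' \
        "$cfg.bak" > "$cfg"
}

# Verify the result: exactly one active MODULE line for dis_pcapf.so, a DISPATCH
# line pointing at disp_none.so, and no leftover disp_deft.so dispatcher.
check_console_mode() {
    cfg="$1"
    [ "$(grep -c '^MODULE=dis_pcapf\.so' "$cfg")" -eq 1 ] || return 1
    grep -q '^DISPATCH=disp_none\.so' "$cfg" || return 1
    ! grep -q '^DISPATCH=disp_deft\.so' "$cfg"
}

# Create the decode directory and run xplico in real-time mode on the given
# interface (paths as in the post). Runs in a subshell so the caller's working
# directory is unchanged.
run_realtime_capture() {
    cfg="$1"; iface="$2"; outdir="${3:-decode}"
    check_console_mode "$cfg" || { echo "config is not in console mode" >&2; return 1; }
    ( mkdir -p "$outdir" && cd "$outdir" &&
      exec /xplico/bin/xplico -c "$cfg" -m rltm -i "$iface" )
}

# Usage (as root, on DEFT 4):
#   enable_console_mode /xplico/cfg/xplico.cfg
#   run_realtime_capture /xplico/cfg/xplico.cfg eth0 decode
```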

For more details: console-mode