Joined: 14 Aug 2012
Points average: 1.00
Posted: Wed 15 Aug - 23:31 (2012) Post subject: Analyzing the traffic with Wireshark and Xplico.
This tutorial captures traffic on a local network with Wireshark and then analyzes it with the forensic software Xplico, which has an intuitive web interface. Both tools are included in BackTrack; for Microsoft Windows there is a similar tool named NetworkMiner.
Xplico is a Network Forensic Analysis Tool (NFAT), which is software that reconstructs the contents of acquisitions performed with a packet sniffer (e.g. Wireshark, tcpdump, Netsniff-ng). Unlike a protocol analyzer, whose main characteristic is not the reconstruction of the data carried by the protocols, Xplico was born expressly with the aim of reconstructing the protocols' application data, and it is able to recognize the protocols with a technique named Port Independent Protocol Identification (PIPI).
The name "xplico" refers to the Latin verb explico and its meaning.
Distributed under the GNU General Public License, Xplico is free software.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.
Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, Mac OS X, BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.
Information obtained from:
First we will run Wireshark to capture network traffic, then save it as a .pcap file so we can interpret it with the Xplico forensic analysis software.
To capture traffic there must be some, so we will generate it by browsing the web while Wireshark works in the background; I mean that if someone had broken into our wireless network, we would see the traffic the attacker is generating and so we could detect it.
After obtaining traffic on our network, save it with the .pcap extension in a place where we can find it to analyze it with Xplico afterwards; in my case I keep it on the desktop.
Run Xplico from the BackTrack menu.
Copy the localhost address into the browser and the Xplico web interface appears.
The first thing to do is create a new case.
Once created, we will create our analysis session.
Open the newly created session and upload the archivo.pcap file captured above with Wireshark.
Then click Upload and Xplico parses the Wireshark capture file archivo.pcap.
Once analyzed we see the traffic generated earlier, including the image downloaded at the beginning of this tutorial. Here I only downloaded and accessed normal pages, but Wireshark also captures protocols such as FTP and HTTP, so if an FTP server had been visited from the network we were connected to, Wireshark would capture the user and password, as well as all kinds of network protocols.
I hope you liked it and find it useful ....... Morphiss-binbash
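As an added example (not part of the original post and not Xplico's own code), the following Python script shows in miniature what Xplico does with a .pcap after Wireshark saves it: it reads the legacy pcap format, decodes Ethernet/IPv4/TCP, labels each flow by what its payload says rather than by port number (the port-independent idea behind PIPI), and reports which FTP flows carried a cleartext login so an analyst knows which accounts were exposed on the wire. The capture is constructed in memory, the hosts, ports and user name are made up, and the signature list is a deliberately small assumption, not Xplico's dissector set.

```python
import struct
from collections import OrderedDict

# Legacy pcap constants (the format Wireshark writes when saving as .pcap; pcapng is not handled)
PCAP_MAGIC_LE = 0xA1B2C3D4
PCAP_MAGIC_BE = 0xD4C3B2A1
LINKTYPE_ETHERNET = 1
TCP = 6

# Payload signatures used for port-independent identification (assumption: a tiny subset)
HTTP_START = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")
FTP_START = (b"USER ", b"PASS ", b"331 ", b"230 ", b"530 ")


def ip_bytes(dotted):
    return bytes(int(x) for x in dotted.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed test data: minimal Ethernet/IPv4/TCP frame with zeroed checksums."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, TCP, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a little-endian legacy pcap file image (24-byte global header, 16-byte records)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1345000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_records(data):
    """Yield raw link-layer frames from a pcap byte string, honouring the magic's byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a legacy pcap file")
    if struct.unpack_from(end + "IHHiIII", data, 0)[6] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def decode_tcp(frame):
    """Return (src, sport, dst, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != TCP:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    tcp_off = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    payload = frame[tcp_off + data_off:14 + total_len]
    return ip_str(frame[26:30]), sport, ip_str(frame[30:34]), dport, payload


def identify(payload):
    """Port-independent identification: classify by what the bytes say, never by port."""
    if payload.startswith(HTTP_START):
        return "http"
    first_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(FTP_START) or (payload.startswith(b"220 ") and b"ftp" in first_line.lower()):
        return "ftp"
    return "unknown"


def analyze(pcap_bytes):
    """Label every TCP flow and list FTP flows in which a USER/PASS exchange was observed."""
    flows, logins = OrderedDict(), {}
    for frame in iter_records(pcap_bytes):
        pkt = decode_tcp(frame)
        if pkt is None or not pkt[4]:
            continue
        src, sport, dst, dport, payload = pkt
        key = tuple(sorted([(src, sport), (dst, dport)]))  # direction-independent flow key
        proto = identify(payload)
        if flows.get(key, "unknown") == "unknown":
            flows[key] = proto
        if proto == "ftp":
            state = logins.setdefault(key, {"user": None, "password_seen": False})
            if payload.startswith(b"USER "):
                state["user"] = payload[5:].split(b"\r\n")[0].decode(errors="replace")
            elif payload.startswith(b"PASS "):
                state["password_seen"] = True  # record exposure; the secret itself is not reported
    exposed = [{"flow": k, "user": v["user"]} for k, v in logins.items() if v["password_seen"]]
    return {"flows": dict(flows), "cleartext_logins": exposed}


# Constructed capture: HTTP on a non-standard port, an FTP login, and an unclassified binary flow
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "10.0.0.9", 51000, 8080, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    build_tcp_frame("10.0.0.9", "10.0.0.5", 8080, 51000, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    build_tcp_frame("10.0.0.9", "10.0.0.5", 21, 52000, b"220 example FTP server ready\r\n"),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 52000, 21, b"USER alice\r\n"),
    build_tcp_frame("10.0.0.9", "10.0.0.5", 21, 52000, b"331 Please specify the password.\r\n"),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 52000, 21, b"PASS not-a-real-password\r\n"),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 53000, 9999, bytes.fromhex("16030100050102030405")),
])

if __name__ == "__main__":
    for flow, proto in analyze(SAMPLE_PCAP)["flows"].items():
        print(proto, flow)
    print("cleartext FTP logins:", analyze(SAMPLE_PCAP)["cleartext_logins"])
```

The HTTP exchange on port 8080 is still labelled "http" because only the payload is consulted, which is the property the post's PIPI paragraph describes; a real capture saved by Wireshark can be fed to `analyze()` by reading the file's bytes, as long as it is the legacy .pcap format rather than pcapng.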