xplico / capanalysis Goto Github PK

Hi,

I am trying to capture traffic from remote host "on-the-fly". Remote host is RaspberryPi and I am using tcpdump. For capturing into Wireshark, it would work like this:

ssh user@host "sudo tcpdump -i wlan0 -s 65535 -w - etr host 11:22:33:44:55:66" | wireshark -k -i -

Anyway, I am trying to do similar with CapAnalysis:

ssh user@host "sudo tcpdump -i wlan0 -s 65535 -w - etr host 11:22:33:44:55:66" | nc 127.0.0.1 30002

It is working, however, data appear only when I stop capturing. Is it possible to do analysis and view graphs while still capturing data?

I am attempting to upload a pcap from a URL and I get the message that the upload fails - is there anyway I can see any other error messages so I can debug this?

The data for WhoIs is not populating in the menu when an IP is selected,

Please!

Hello, everybody,

after installing CapAnalysis according to the instructions, nothing happens:

https://www.capanalysis.net/ca/how-to-install-capanalysis

Do you know any advice?

Has anyone used CapAnalysis with Ubuntu desktop 18.04? It appears to install correctly, the new password page works fine, comes back with green check marks however when clicking on the green "go to Capanalysis UI" the screen comes back blank. When I look at the logs, /opt/capanalysis/log/2018_09_10.log, the message "error, user fail: Fatal: password authentication failed for user "capana" and Error: DB name fail: Fatal: database "capanalysis" does not exist.

This looks like a configuration or setup with a newer release, I checked Apache2, firewall is open, latest release of php-pgsql is installed.
Thanks, Randy

9/12/2018 Subsequently, I was able to log into the capanalysis database, could see tables and columns. It appeared the database setup ran fine.

Is it possible to use CapAnalysis on a stand-alone host without Internet connectivity?
If yes, will CapAnalysis fail to generate some data (e.g., GeoIP?)

best regards,
V

i have a big problem with xplico login

I gess it's a bad specificity of my OS, sorry.

capanalysis can analysis Maximum amount of data 13GB? when i upload the files more than 13GB, it can deal with 13GB，others can't be handled .what's the reason, is something wrong? thanks

can be deleted.

Hey,

I clone the repo and tried to build it but it didn't work. I simple try a 'make', because I can't find any configure/autogen or hint in the README what I should do before 'make'. But I get the error message: "make[1]: Entering directory '/home/pstengel/investigations/8com/project_8com/capanalysis/pcapseek'
make[1]: Leaving directory '/home/pstengel/investigations/8com/project_8com/capanalysis/pcapseek'
cc -rdynamic -I/home/pstengel/investigations/8com/project_8com/capanalysis/include -Wall -fPIC -D_FILE_OFFSET_BITS=64 -I/home/pstengel/investigations/8com/project_8com/capanalysis/include -I/usr/include/postgresql -g -ggdb -O0 -DXPL_X86=1 -c -o pkginstall.o pkginstall.c
pkginstall.c:32:20: fatal error: pkgbin.h: No such file or directory
compilation terminated.
Makefile:234: recipe for target 'pkginstall.o' failed
make: *** [pkginstall.o] Error 1
"
What should I do?

Greets, Paul

Hi,
I installed the package on Kali-rolling just fine. When I go to the start webpage and created the DB in postgresql and then want to go to the Capanalysis UI page I get an Internal Error page.

How can this be solved ?

Hello Gianluca,

I've got the Debian binary release package (CapAnalysis_1.2.0_amd64.deb) running in a debian 8.4.0 VM using VirtualBox under RHEL6. The VM has 4 cores, 4GB Ram, and a 256GB Fixed Allocation HDD. I edited the php.ini file to enable larger sized downloads (if fact, I set both post_max_size AND upload_max_filesize to ZERO to remove the size restriction, and changed the max upload count from 20 to 50. I am uploading a data set of about 150GB in 1GB pieces.

Using both the "drag-and-drop" and "click-to-select-files" methods for uploading pcaps, the VM will nearly always abort while uploading a set of files. I have not been able to tie the abort to any particular file, any particular file size, or any particular volume of data already received by the VM.

Any thoughts? Is there anything I can do to turn-on and/or view some sort of logging to try and figure out where things are going bad?

Thanks,
joe

I have recently installed CapAnalysis on my Debian 64bit using the .deb file.
After I restart the service this is what I have got if I run service capanalysis status

capanalysis.service - LSB: Starts/stop Capanalysis PCAP viewer
   Loaded: loaded (/etc/init.d/capanalysis)
   Active: active (exited) since Sun 2016-06-05 16:34:20 NZST; 6s ago
  Process: 25385 ExecStop=/etc/init.d/capanalysis stop (code=exited, status=0/SUCCESS)
  Process: 25392 ExecStart=/etc/init.d/capanalysis start (code=exited, status=0/SUCCESS)

Jun 05 16:34:20 bobby capanalysis[25392]: Starting : capanalysis  Error, Apa...g
Jun 05 16:34:20 bobby capanalysis[25392]: failed!
Hint: Some lines were ellipsized, use -l to show in full.

And CapAnalysis is not working on localhost:9877

Good Morning.
I installed capanalysis from the guide. I upload a file pcap captured from 30 days but I have only 4 days of analysis. The graph and timeline shows only 2 days of statistics

Whe I start capanalysis, postgresql and apache2 I can log into main page but i've received a red banner with the string: Error: An Internal Error Has Occured.

The log is ok, they write db version is 1.1 and capanalysis start from version 1.2