I think Xplico is a good choice, on bt4 ;)
"The goal of Xplico is to extract from an internet traffic capture the application data contained.
For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License"
Sounds like a great idea, Backtrack could use some more network forensic analysis tools. I'm not trying to criticize it, but is it set up well and have you tried it out yourself, just out of curiosity?
I've tried building it in BT4 pre-final from the current source (0.5.2) as well as using their installer with no success. Their installer really did a number on my machine. It took me about an hour to clean up that mess (I think I've reverted everything back to where it was...). I was going to file a bug report on the site but I couldn't trace all the errors. Just about every script in the installer had multiple build errors. Most of them looked like they were trying to install 64-bit libs on a 32-bit system even though the installer asks for the OS version when it first starts.
If someone does manage to get this working I'd be curious to hear how you managed.
It's a really big process... Check it out:
Originally Posted by crooks
apt-get install sqlite tcpdump tshark libx11-dev libxt-dev libxi-dev apache2 php5 php5-sqlite build-essential perl zlib1g-dev libpcap-dev libsqlite0-dev libmysqlclient15-dev python2.5-minimal python2.5 python-all
tar zxvf xplico-0.5.2.tgz
tar zxvf GeoIP-1.4.5.tar.gz
rm -f *.tar.gz
gzip -d GeoLiteCity.dat.gz
rm -f *dat.gz
tar jxvf ghostpdl-8.70.tar.bz2
rm -f *.bz2
cp /tmp/ghostpdl-8.70/main/obj/pcl6 /tmp/xplico/
rm -rf ghostpdl-8.70
tar zxvf xplico_interface-0.5.2.tgz
rm -f *2.tgz
chmod -R 777 gui.xplico.org
-->edit /etc/apache2/ports.conf to match the following:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# xplico Host port
post_max_size = 100M
upload_max_filesize = 100M
And you're done.
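The description quoted at the top of the thread says what an NFAT does: pull application data back out of a capture. As an added example that is not from this thread and not Xplico's code, the following Python script does the smallest version of that job: it walks a pcap file, decodes Ethernet/IPv4/TCP, and lists the HTTP request lines it finds. The one-packet pcap it reads is constructed inside the script, so it runs offline; the build_pcap helper and the 10.0.0.x addresses are assumptions for the demo, not anything from the thread.

```python
import struct

def build_pcap(payload: bytes) -> bytes:
    """Constructed test input: one TCP segment with `payload`, wrapped in IPv4, Ethernet and a pcap file."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])) + tcp   # proto 6 = TCP
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip                   # ethertype 0x0800 = IPv4
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    record_hdr = struct.pack("<IIII", 0, 0, len(eth), len(eth))          # ts_sec, ts_usec, incl, orig
    return global_hdr + record_hdr + eth

def extract_http_requests(pcap: bytes) -> list:
    """Return the HTTP request lines carried in a pcap (Ethernet + IPv4 + TCP only, one segment each)."""
    magic, = struct.unpack("<I", pcap[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # pcap magic tells us the writer's byte order
    offset, found = 24, []                         # 24 = size of the pcap global header
    while offset + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16: offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # skip non-IPv4 frames
            continue
        ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
        ip_total_len = struct.unpack("!H", frame[16:18])[0]
        if frame[23] != 6:                                    # IPv4 protocol field: not TCP
            continue
        tcp_start = 14 + ihl
        data_off = (frame[tcp_start + 12] >> 4) * 4           # TCP header length in bytes
        payload = frame[tcp_start + data_off: 14 + ip_total_len]
        first_line = payload.split(b"\r\n", 1)[0]
        if first_line.split(b" ")[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
            found.append(first_line.decode("ascii", "replace"))
    return found

if __name__ == "__main__":
    sample = build_pcap(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
    print(extract_http_requests(sample))
```

A real tool such as Xplico additionally reassembles TCP streams across many segments and handles both directions; this script only looks at one segment at a time.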