LiFTeR: Changes for xplico
- August 25, 2021: xplico-1.2.2-3.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
xplico is an Internet traffic decoder.
Note: due to issues related to the version of PHP, the versions for Fedora and CentOS/RHEL 8 now use a Docker container based on Ubuntu 18.04.
To use this version, run the
/usr/bin/xplico
script and address the issues that the script highlights. Specifically, some additional adjustments may need to be made. Here are some of the issues:
- Fedora 32: If you see the error related to CGroups, follow the steps here.
- Fedora 33: If you see the error related to CGroups, follow the steps here.
- May 3, 2019: xplico-1.2.2-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and xplico-1.2.2-2.el7.x86_64.rpm -
xplico is an Internet traffic decoder.
The changes include:
- CakePHP updated to 2.10.17
- Migration from GeoIP to GeoIP2
- nDPI updated to 2.9
- April 8, 2019: xplico-1.2.1-2.el7.x86_64.rpm - xplico is an Internet traffic decoder.
This package was rebuilt because of the inclusion of Python 3.6 in the EPEL library.
- January 5, 2018: xplico-1.2.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
See here for the changes since the last version (1.2.0) released to this repository.
- September 29, 2017: xplico-1.2.0-3.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
This version adds the missing documentation file /usr/share/doc/xplico-1.2.0/README.md .
- August 11, 2017: xplico-1.2.0-3.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
This version was recompiled for nDPI-2.0 and adds python3.6 to the list of valid Python executables.
- February 4, 2017: xplico-1.2.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
Here are the changes for this version:
- Migration from PHP5 to PHP7
- CakePHP 2.8
- IMAP bug fix
- Bugfix: reported on Security Onion
- December 8, 2016: xplico-1.1.1-6.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.x86_64.rpm - xplico is an Internet traffic decoder.
Xplico needs various variables set in the /etc/php.ini file.
These used to be set in the scripts provided by the package and in the script that starts Xplico.
They are now set in the configuration file for the Apache Web Server.
Nonetheless, when Xplico is installed, the Apache Web Server must be restarted if it was running and started otherwise.
Note also that Xplico is not available for Fedora 25. This is because of an incompatibility between PHP 7, which is provided with Fedora 25, and the version of CakePHP that was used to build Xplico (1.3.20).
- October 31, 2016: xplico-1.1.1-5.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.x86_64.rpm - xplico is an Internet traffic decoder.
Xplico needs various variables set in the /etc/php.ini file.
In all releases before this one, these variables were set only when the package was installed, and unset when the package was removed.
This method did not take into account new releases of the package of which /etc/php.ini is a part.
To solve this problem, the script that starts xplico - /usr/sbin/xplico - has been changed to set these variables
every time xplico is started and return them to their previous values when xplico is stopped.
This technique makes xplico immune to changes in other packages installed on a system.
- October 21, 2016: xplico-1.1.1-4.el7.x86_64.rpm - xplico is an Internet traffic decoder.
This release uses systemctl instead of system on CentOS/RHEL 7.
- October 21, 2016: xplico-1.1.1-3.el7.x86_64.rpm - xplico is an Internet traffic decoder.
This release was rebuilt to use the Python 3.3 code for CentOS/RHEL 7.
- July 15, 2016: xplico-1.1.1-2.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
This release was rebuilt to work with nDPI-1.8.
- November 13, 2015: xplico-1.1.1-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
This release was rebuilt to work with nDPI-1.6. All other supported systems were upgraded for release version consistency.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
Here are the changes since the last version (1.1.0):
- Whatsapp OS and Phone number
- Added MGCP dissector
- IMAP bug fixed
- July 2, 2015: xplico-1.1.0-3.{fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
This release was rebuilt to work with nDPI-1.6. All other supported systems were upgraded for release version consistency.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
- September 19, 2014: xplico-1.1.0-2.{fc17,el6}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
This release was rebuilt to work under CentOS/RHEL 7. All other supported systems were upgraded for release version consistency.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
- September 12, 2014: xplico-1.1.0-2.{fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
This release was rebuilt specifically for CentOS/RHEL 7. All other supported systems were upgraded for release version consistency.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
Note that Fedora 17 is not supported yet but support is expected soon.
- May 22, 2014: xplico-1.1.0-1.{fc18,fc19,fc20,el6}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
See here for the changes in this release.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
Note that Fedora 17 is not supported yet but support is expected soon.
- March 5, 2013: xplico-1.0.1-3.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
This release includes support for Python version 3.3 which is the default for Fedora 18.
- October 19, 2012: xplico-1.0.1-1.{fc14,fc15,fc16,fc17,el6}.{i386,x86_64}.rpm - xplico is an Internet traffic decoder.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
It also assumes a web server, for example Apache, has been configured and is operational.
Here are the changes since 1.0.0:
- nDPI integration
- performance improved
- FTP dissector improved
- Added the prism dissector
- CLI execution bug fixed
- PCAP-over-IP SSL encryption
- IRC dissector improvements
- File reconstruction from Fragmented Payloads improved
- FaceBook Chat updated
- FaceBook Message (partial)
- HTTP without initial packets (packets lost)
- RTP dissector improved
- PCAP2WAV, RTP2WAV interface added
- July 18, 2012: xplico-1.0.0-2.{fc14,fc15,fc16,fc17,el6}.{i386,x86_64}.rpm - xplico is an Internet traffic decoder.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
It also assumes a web server, for example Apache, has been configured and is operational.
Here is the list of changes:
- The postinstall script conditions the /etc/php.ini configuration file for PHP so that xplico works without manual intervention. The changes are:
- Asserts short_open_tag if it is currently set to Off.
- Sets post_max_size to 100M, which is the recommended value.
- Sets upload_max_filesize to 100M, which is the recommended value.
- Sets date.timezone to US/Eastern. If this is not appropriate for your time zone, you will need to edit /etc/php.ini by hand.
- The preuninstall script undoes the aforementioned changes to the /etc/php.ini configuration file, but only if the changes were made by the postinstall script executed when xplico was installed or updated.
- The postinstall and preinstall scripts now use systemctl for Fedora 16 and beyond.
- March 7, 2012: xplico-1.0.0-1.{fc13,fc14,fc15,fc16,el6}.{i386,x86_64}.rpm - xplico is an Internet traffic decoder.
Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
Here is the list of changes:
- SQLite dispatcher performance improved
- Added the PPI dissector
- Added the syslog dissector
- Added "Bogus IP length" correction with checksum verification disabled
- New Facebook Chat dissector for the new Facebook chat protocol
- SIP dissector improved
- IMAP dissector improved and bugs fixed
- DNS dissector PIPI improved
- Yahoo Webmail bugs fixed
- Live/Hotmail WebMail Spanish version
- GeoMap improved
- PCap-over-IP
- python3-3.1.2-7.fc13.i686.rpm
- python3-libs-3.1.2-7.fc13.i686.rpm
- python3-httplib2-0.6.0-3.fc14.noarch.rpm
- December 8, 2011: xplico-0.7.1-1.{fc13,fc14,fc15,fc16}.{i386,x86_64}.rpm - xplico is an Internet traffic decoder.
See the Xplico website for the list of changes in this version. Note that RHEL/CentOS is not supported due to a lack of
Python Version 3 support.
- June 6, 2011: xplico-0.6.3-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - xplico is an Internet traffic decoder. The following changes were made:
- 32 and 64 bit
- new decoding manager (DeMa): version 0.3.1
- mfile manipulator (HTTP file transfer) bug fixes
- WebMail scripts improved
- HTTP dissector improved
- XI: upgraded the javascript libraries
- May 6, 2011: xplico-0.6.2-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - xplico is an Internet traffic decoder. The following changes were made:
- l7-patterns for all flows/protocols not decoded by xplico
- Xplico Interface (XI) improved
- python3 porting of many scripts
- realtime capture module improved
- facebook chat realtime views
- UTC/localtime bug fixes
- l2tp dissector bug fixes
- cli and lite dispatchers bug fixes
- telnet dissector bug fixes
- March 1, 2011: xplico-0.6.1-6.fc{12,13,14}.{i386,x86_64}.rpm and xplico-0.6.1-6.fc11.i386.rpm - xplico is an Internet traffic decoder.
This release no longer automatically configures xplico to automatically start on system boot. This configuration should be done in tandem with the configuration
of httpd upon which it relies.
- December 10, 2010: xplico-0.6.1-5.fc{12,13,14}.{i386,x86_64}.rpm and xplico-0.6.1-5.fc11.i386.rpm - xplico is an Internet traffic decoder.
It has both a command cli interface and a Web interface (using http://localhost:9876). Please note that this version
preserves previous instances of the xplico database that contains created cases and uploaded sessions.
- November 30, 2010: xplico-0.6.0-10.fc{12,13,14}.{i386,x86_64}.rpm, xplico-0.6.0-10.fc11.i386.rpm - xplico is an Internet traffic decoder.
It has both a command cli interface and a Web interface (using http://localhost:9876).