I have been playing around with xplico which is a NFAT (Network Forensics Analysis Tool) tool included in Backtrack Linux. Pretty cool application though there are some things I am still figuring out or may be caused by the version be older in Backtrack. One of the main items where I could see new users to Xplico running into is actually noted numerous times on Xplico’s website and so I simply wanted to expand on what has already been noted there. If you are having issues uploading pcap files via the Xplico web interface then it is likely related to the size of the pcap file and the size that the Apache web server will accept. Use the information below to modify the web server configuration to allow larger files to be uploaded.
I received the below error when troubleshooting an issue reported to me by a client regarding one of their intranet web sites not working properly. After some poking around I noticed that there were numerous segmentation faults being reported in the Apache error logs. I had previously set up the server to dump core files when there were segmentation faults within Apache so troubleshooting the error was fairly easy. It ended up being a connection issue with an AS400 that was down over the weekend at the company and I was able to verify this using the below information.