XPLICO Tool for Network Forensic
Xplico is a project released under GPL that decodes packet captures (PCAP), extracting the likes of email content (POP, IMAP, and SMTP protocols), all HTTP content, VoIP calls (SIP), IM chats, FTP, TFTP, and many others. It can be used on platforms with an embedded ARM core processor or typical multi-core servers, making optimal use of available resources.
“The project team is currently finishing the development of:
- Web MSN dissector and manipulator
- VoIP MGCP dissector
- SMB dissector
- Web Yahoo! chat dissector and manipulator
- Improvements to the Python3 script
Currently you can find Xplico included in BackTrack, DEFT Linux, Orion, GnackTrack, Security Onion, and other similar Live CD/DVD distributions. If you wish to roll Xplico from source or work through your own installation options with the Debian/Ubuntu package, you can download the bits from SourceForge.
After installation you can log in to Xplico via a browser at http://<XplicoHost>:9876. The default username and password are xplico/xplico, while the administrator user is admin/xplico; you start by changing the password.” (1)
At this point we can create a new case. In Xplico, a case coincides with a listening point (a capture point in the network), because the Xplico system (decoding manager, decoder, manipulators, ...) tries to correlate the extracted data in order to:
- emulate browser cache
- reconstruct P2P files (downloaded over many days)
- reconstruct files downloaded with tool
For every case we have to define:
- a name (unique is better)
- the source of data: either files or a network interface
- optionally, an external reference. This external reference can help you locate the repository of the new case.
The email page presents a list of all emails sent and received.
Entering the Web menu, we can view all HTTP content of the session. We can select or search content.
You can even have a geomap: Xplico produces a KML file which, used with Google Earth, gives you a temporal and geographical map of the connections decoded by Xplico.
Xplico is not a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
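The difference between inspecting packets one by one and extracting application content comes down to stream reassembly. The Python below is an added example, not Xplico's code: it illustrates the general idea by rebuilding TCP streams from a classic pcap and pulling out the HTTP request. All function names are hypothetical and the capture is constructed inline.

```python
import struct
from collections import defaultdict

def frame(src, dst, sport, dport, seq, payload):  # constructed Ethernet/IPv4/TCP frame
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp  # checksums left at zero

def pcap(frames):  # classic little-endian pcap file, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

def tcp_streams(data):
    """Reassemble each TCP direction by sequence number (no wraparound handling)."""
    segs, off = defaultdict(dict), 24               # skip 24-byte global header
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                # not IPv4 carrying TCP
        t = 14 + (pkt[14] & 0x0F) * 4               # start of TCP header
        ip_end = 14 + struct.unpack_from("!H", pkt, 16)[0]
        sport, dport, seq = struct.unpack_from("!HHI", pkt, t)
        payload = pkt[t + (pkt[t + 12] >> 4) * 4:ip_end]
        if payload:
            flow = (pkt[26:30], sport, pkt[30:34], dport)
            segs[flow].setdefault(seq, payload)     # first copy wins on retransmit
    return {f: b"".join(p[s] for s in sorted(p)) for f, p in segs.items()}

def http_requests(data):
    """(method, host, path) of the first request in each reassembled stream."""
    found = []
    for stream in tcp_streams(data).values():
        head, sep, _ = stream.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        first = lines[0].split(" ")
        if not sep or len(first) != 3 or not first[2].startswith("HTTP/"):
            continue                                # response or non-HTTP stream
        hdrs = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
        found.append((first[0], hdrs.get("Host", ""), first[1]))
    return found

# Constructed capture: one request whose two segments arrive out of order.
REQ = b"GET /report.pdf HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
C, S = (10, 0, 0, 5), (192, 0, 2, 10)
SAMPLE = pcap([frame(C, S, 40000, 80, 1030, REQ[30:]),
               frame(C, S, 40000, 80, 1000, REQ[:30]),
               frame(S, C, 80, 40000, 5000, b"HTTP/1.1 200 OK\r\n\r\n")])
```

Calling `http_requests(SAMPLE)` returns the single request even though neither segment contains a complete header on its own.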
Reference:
(1) Russ McRee's article about Xplico for the ISSA Journal. The PDF file can be downloaded here.