XPLICO Tool for Network Forensics

Xplico is a project released under the GPL that decodes packet captures (PCAP), extracting content such as email (POP, IMAP and SMTP), all HTTP content, VoIP calls (SIP), IM chats, FTP, TFTP and many others. It can run on platforms with an embedded ARM core processor as well as on typical multi-core servers, making optimal use of the available resources.
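To make concrete the difference between decoding a capture and dissecting packets, here is an added example that is not part of Xplico or of this post: a small Python decoder that reads a PCAP, reassembles each TCP direction by sequence number and extracts the HTTP response body for each requested URL. The capture it reads is constructed inside the block (addresses, ports and page content are made up) with the response split across two segments captured out of order, which a per-packet view would show as two unrelated fragments.

```python
# Added example (not Xplico's code): what an NFAT does with a PCAP that a packet
# dissector does not. Reads a capture, reassembles each TCP direction by sequence
# number, then extracts HTTP response bodies keyed by the URL that was requested.
import struct
from collections import defaultdict

# --- constructed sample capture (addresses, ports and content are made up) ---
CLIENT, SERVER = "10.0.0.5", "93.184.216.34"
REQ = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
BODY = b"<html>hi xplico</html>"
RESP = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n" % len(BODY) + BODY
SPLIT = 40  # the response is cut into two TCP segments; the second one is captured first

def build_tcp_frame(src, dst, sport, dport, seq, ack, payload):
    """Ethernet/IPv4/TCP frame with PSH|ACK set; checksums are left zero (not verified here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(records):
    """Little-endian PCAP file (linktype 1 = Ethernet) from (timestamp, frame) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        out += struct.pack("<IIII", int(ts), int(ts % 1 * 1e6), len(frame), len(frame)) + frame
    return out

SAMPLE_PCAP = build_pcap([
    (1.0, build_tcp_frame(CLIENT, SERVER, 40001, 80, 1000, 5000, REQ)),
    (2.0, build_tcp_frame(SERVER, CLIENT, 80, 40001, 5000 + SPLIT, 1000 + len(REQ), RESP[SPLIT:])),
    (2.1, build_tcp_frame(SERVER, CLIENT, 80, 40001, 5000, 1000 + len(REQ), RESP[:SPLIT])),
])

def read_pcap(data):
    """Yield (timestamp, frame) from PCAP bytes; only the little-endian microsecond format is handled."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported PCAP magic")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def parse_tcp(frame):
    """Return (src, dst, sport, dport, seq, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl, total = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
    src, dst = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:14 + total]
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    return src, dst, sport, dport, seq, tcp[(tcp[12] >> 4) * 4:]

def reassemble_streams(pcap_bytes):
    """Concatenate each TCP direction's payload in sequence order, keyed by (src, sport, dst, dport).
    Overlapping retransmissions keep the first copy; holes from lost segments are not padded here."""
    segments = defaultdict(list)
    for _ts, frame in read_pcap(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed and parsed[5]:
            src, dst, sport, dport, seq, payload = parsed
            segments[(src, sport, dst, dport)].append((seq, payload))
    streams = {}
    for key, parts in segments.items():
        parts.sort()
        base, buf = parts[0][0], bytearray()
        for seq, payload in parts:
            buf += payload[max(0, len(buf) - (seq - base)):]  # drop bytes already seen
        streams[key] = bytes(buf)
    return streams

def extract_http_bodies(streams):
    """Map each requested URL to its response body (Content-Length responses only; no chunked encoding)."""
    urls = {}
    for (src, sport, dst, dport), data in streams.items():
        if data.startswith((b"GET ", b"POST ", b"HEAD ")):
            head = data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
            path = head[0].split(b" ")[1].decode()
            host = next((h.split(b":", 1)[1].strip().decode() for h in head[1:]
                         if h.lower().startswith(b"host:")), dst)
            urls[(dst, dport, src, sport)] = "http://" + host + path  # key of the reply direction
    bodies = {}
    for key, data in streams.items():
        if not data.startswith(b"HTTP/"):
            continue
        head, _, rest = data.partition(b"\r\n\r\n")
        lengths = [int(h.split(b":", 1)[1].strip().decode()) for h in head.split(b"\r\n")
                   if h.lower().startswith(b"content-length:")]
        if lengths:
            bodies[urls.get(key, "?")] = rest[:lengths[0]]
    return bodies

if __name__ == "__main__":
    for url, body in extract_http_bodies(reassemble_streams(SAMPLE_PCAP)).items():
        print(url, body)
```

Run it as a script to print the recovered URL and body. Xplico handles far more protocols, plus chunked encoding and compression, but the pipeline is the same: capture, flow reassembly, application-layer decoding.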

“The project team is currently finishing the development of:

  • Web MSN dissector and manipulator
  • VoIP MGCP dissector
  • SMB dissector
  • Web Yahoo! chat dissector and manipulator
  • Improvements to the Python3 script

Currently you can find Xplico included in BackTrack, DEFT Linux, Orion, GnackTrack, Security Onion, and other similar Live CD/DVD distributions. If you wish to roll Xplico from source or work through your own installation options with the Debian/Ubuntu package, you can download the bits from SourceForge.

After installation you can log in to Xplico via a browser at http://<XplicoHost>:9876. The default username and password are xplico/xplico, while the administrator user is admin/xplico; you start by changing the password.” (1)

At this point we can create a new case. In Xplico a case coincides with a listening point (a capture point in the network), because the Xplico system (decoding manager, decoders, manipulators, ...) tries to correlate the extracted data in order to:

  • emulate the browser cache
  • reconstruct P2P files (downloaded over many days)
  • reconstruct files downloaded with download tools

For every case we have to define:

  • a name (a unique one is better)
  • the source of data, i.e. whether it comes from PCAP files or from a network interface
  • optionally, an external reference, which can help you locate the repository of this new case

The Email page presents a list of all emails sent and received.

Entering the Web menu we can view all HTTP contents of the session, and we can select or search content.

You can even have a geomap: Xplico produces a KML file which, used with Google Earth, gives you a temporal and geographical map of the connections decoded by Xplico.
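As an added example (not code from Xplico or from this post), here is how such a geomap can be produced from decoded connection records: one Placemark per remote host, each with a KML TimeSpan so Google Earth's time slider replays the session chronologically. The connection list and the latitude/longitude table are constructed stand-ins for decoded output and a GeoIP lookup; hosts with no known location (internal addresses) are left out rather than placed at a guessed point.

```python
# Added example (not Xplico's code): build the kind of KML "geomap" the text describes
# from already-decoded connection records, one Placemark per remote host with a
# TimeSpan so Google Earth's time slider replays the connections in order.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

KML_NS = "http://www.opengis.net/kml/2.2"

# Constructed sample of decoded connections: (start, end, client, server, protocol),
# timestamps as UTC epoch seconds. The shape is illustrative, not Xplico's export format.
CONNECTIONS = [
    (1307700000, 1307700012, "10.0.0.5", "93.184.216.34", "http"),
    (1307700030, 1307700031, "10.0.0.5", "198.51.100.7", "smtp"),
    (1307700100, 1307700200, "10.0.0.5", "192.0.2.10", "sip"),
    (1307700250, 1307700260, "10.0.0.5", "10.0.0.9", "ftp"),  # internal host, no public location
]

# Hypothetical (lat, lon) table standing in for a GeoIP database lookup.
GEO = {
    "93.184.216.34": (42.36, -71.06),
    "198.51.100.7": (51.51, -0.13),
    "192.0.2.10": (35.68, 139.69),
}

def iso_utc(ts):
    """KML dateTime form of an epoch timestamp, always in UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_kml(connections, geo):
    """Return (kml_text, skipped_hosts). Hosts absent from geo are skipped, not guessed."""
    ET.register_namespace("", KML_NS)

    def tag(name):
        return f"{{{KML_NS}}}{name}"

    kml = ET.Element(tag("kml"))
    doc = ET.SubElement(kml, tag("Document"))
    ET.SubElement(doc, tag("name")).text = "Decoded connections"
    skipped = []
    for start, end, client, server, proto in connections:
        if server not in geo:
            skipped.append(server)
            continue
        lat, lon = geo[server]
        pm = ET.SubElement(doc, tag("Placemark"))
        ET.SubElement(pm, tag("name")).text = f"{proto.upper()} {client} -> {server}"
        ET.SubElement(pm, tag("description")).text = f"{iso_utc(start)} to {iso_utc(end)}"
        span = ET.SubElement(pm, tag("TimeSpan"))
        ET.SubElement(span, tag("begin")).text = iso_utc(start)
        ET.SubElement(span, tag("end")).text = iso_utc(end)
        point = ET.SubElement(pm, tag("Point"))
        # KML coordinates are longitude,latitude,altitude; swapping lat/lon is the classic geomap bug
        ET.SubElement(point, tag("coordinates")).text = f"{lon},{lat},0"
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(kml, encoding="unicode"), skipped

def placemarks(kml_text):
    """Parse KML back into (name, begin, end, coordinates) tuples: a sanity check before loading it in Google Earth."""
    ns = {"k": KML_NS}
    root = ET.fromstring(kml_text.encode("utf-8"))
    return [(pm.findtext("k:name", namespaces=ns),
             pm.findtext("k:TimeSpan/k:begin", namespaces=ns),
             pm.findtext("k:TimeSpan/k:end", namespaces=ns),
             pm.findtext("k:Point/k:coordinates", namespaces=ns))
            for pm in root.iterfind(".//k:Placemark", ns)]

if __name__ == "__main__":
    text, skipped = build_kml(CONNECTIONS, GEO)
    print(text)
    print("skipped (no location):", skipped)
```

Save the printed text as a .kml file and open it in Google Earth; the TimeSpan elements drive the time slider, and the description carries the same interval so it survives in viewers that ignore time data.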

Xplico is not a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

Reference:

(1) Russ McRee, article about Xplico for the ISSA Journal (available as a PDF).
