{"id":2005,"date":"2009-08-10T09:54:17","date_gmt":"2009-08-10T09:54:17","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2005"},"modified":"2015-09-09T19:37:57","modified_gmt":"2015-09-09T11:37:57","slug":"xplico-network-forensic-analysis-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2009\/08\/xplico-network-forensic-analysis-tool\/","title":{"rendered":"Xplico &#8211; Network Forensic Analysis Tool"},"content":{"rendered":"<p>[ad]<\/p>\n<p>The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn\u2019t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). Xplico is released under the GNU General Public License (see License for more details).<\/p>\n<p><strong>Xplico Features<\/strong><\/p>\n<ul>\n<li>Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, \u2026;<\/li>\n<li>Port Independent Protocol Identification (PIPI) for each application protocol;<\/li>\n<li>Multithreading;<\/li>\n<li>Output data and information in SQLite database or Mysql database and\/or files;<\/li>\n<li>At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled;<\/li>\n<li>Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer -RAM, CPU, HD access time, \u2026-);<\/li>\n<li>TCP reassembly with ACK verification for any packet or soft ACK verification;<\/li>\n<li>Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;<\/li>\n<li>No size limit on data entry or the number of files entrance (the only limit is HD size);<\/li>\n<li>IPv4 and IPv6 support<\/li>\n<li>Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcer) are all modules<\/li>\n<li>The ability to easily create any kind of dispatcer with which to organize the data extracted in the most appropriate and useful to you<\/li>\n<\/ul>\n<p>You can download Xplico 0.5.2 here:<\/p>\n<p><a href=\"http:\/\/sourceforge.net\/projects\/xplico\/files\/xplico\/version%200.5.2\/xplico-0.5.2.tgz\/download\">xplico-0.5.2.tgz<\/a><\/p>\n<p><!--adsense#New468--><\/p>\n<p>Or read more <a href=\"http:\/\/www.xplico.org\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad] The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn\u2019t a network protocol analyzer. Xplico is an open source Network [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[28,9,5],"tags":[1704,8858,2066],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2005"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=2005"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2005\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=2005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=2005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=2005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}