Difference between revisions of "Xplico"

From Forensics Wiki
Jump to: navigation, search
Line 19: Line 19:
 
               <li>Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;</li>
 
               <li>Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;</li>
 
               <li>No size limit on data entry or the number of files entrance (the only limit is HD size);</li>
 
               <li>No size limit on data entry or the number of files entrance (the only limit is HD size);</li>
               <li>Protocols suppored: [http://www.xplico.org/status.html HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...];</li>
+
               <li>Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...];</li>
 
             </ul>
 
             </ul>

Revision as of 09:55, 19 May 2008

Xplico
Maintainer: Gianluca Costa & Andrea de Franceschi
OS: Linux
Genre: Analysis
License: GPL
Website: www.xplico.org

The Xplico is a Network Forensic Analysis Tool (NFAT). The main scope of Xplico is extract from a network capture (pcap file or real-time acquisition) all application data content. For example, Xplico from a pcap file is able to extract all emails carried by the POP and SMTP protocols and all content carried by HTTP protocols.

Features

  • Port Independent Protocol Identification (PIPI) for each application protocol;
  • Multithreading;
  • Output data and information in SQLite database or Mysql database and/or files;
  • At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled;
  • Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer ---RAM, CPU, HD access time, ...--- );
  • TCP reassembly with ACK verification for any packet or soft ACK verification;
  • Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;
  • No size limit on data entry or the number of files entrance (the only limit is HD size);
  • Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...;