
Difference between revisions of "Xplico"

From ForensicsWiki
m
Line 8: Line 8:
 
}}
 
}}
  
The '''Xplico''' is a Network Forensic Analysis Tool (NFAT). The main scope of Xplico is extract from a network capture (pcap file or real-time acquisition) all application data content. For example, Xplico from a pcap file is able to extract all emails carried by the POP and SMTP protocols and all content carried by HTTP protocols.
+
The '''Xplico''' is a Network Forensic Analysis Tool (NFAT). The main scope of Xplico is to extract all application data content from a network capture (pcap file or real-time acquisition). For example, Xplico is able to extract all e-mails carried by the POP and SMTP protocols, and all content carried by HTTP protocol from a pcap file.
 
<h2>Features</h2>
 
<h2>Features</h2>
 
             <ul>
 
             <ul>
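Review bot: in the reworded sentence on the right-hand side, "all content carried by HTTP protocol from a pcap file" attaches "from a pcap file" to the wrong noun, so it now reads as if only the HTTP content comes from the pcap. Suggest moving the qualifier to the front: "For example, from a pcap file Xplico is able to extract all e-mails carried by the POP and SMTP protocols, and all content carried by the HTTP protocol." The leading "The Xplico is a Network Forensic Analysis Tool" would also read better as "Xplico is a Network Forensic Analysis Tool", since the name is not used with an article elsewhere on the page.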
Line 14: Line 14:
 
               <li>Port Independent Protocol Identification (PIPI) for each application protocol;</li>
 
               <li>Port Independent Protocol Identification (PIPI) for each application protocol;</li>
 
               <li>Multithreading;</li>
 
               <li>Multithreading;</li>
               <li>Output data and information in SQLite database or Mysql database and/or files;</li>
+
               <li>Output data and information in SQLite database or MySQL database and/or files;</li>
               <li>At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled;</li>
+
               <li>At each data reassembled by Xplico is associated a [[XML]] file that uniquely identifies the flows and the pcap containing the data reassembled;</li>
 
               <li>Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer ---RAM, CPU, HD access time, ...--- );</li>
 
               <li>Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer ---RAM, CPU, HD access time, ...--- );</li>
 
               <li>TCP reassembly with ACK verification for any packet or soft ACK verification;</li>
 
               <li>TCP reassembly with ACK verification for any packet or soft ACK verification;</li>
 
               <li>Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;</li>
 
               <li>Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;</li>
               <li>No size limit on data entry or the number of files entrance (the only limit is HD size);</li>
+
               <li>No size limit on data entry or the number of files entrance (the only limit is HD size).</li>
 
             </ul>
 
             </ul>
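Review bot: the [[XML]] link and the MySQL capitalisation are good, but the item being changed is still ungrammatical; suggest "Each data item reassembled by Xplico is associated with an [[XML]] file that uniquely identifies the flows and the pcap containing the reassembled data;". Two unchanged items in the same hunk carry the same kind of wording problem and could be fixed in the same edit: "DNS packages contained in the inputs files" should read "DNS packets contained in the input files", and "the number of files entrance" should read "the number of input files".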

Revision as of 15:51, 8 October 2008

Xplico
Maintainer: Gianluca Costa & Andrea de Franceschi
OS: Linux
Genre: Analysis
License: GPL
Website: www.xplico.org

Xplico is a Network Forensic Analysis Tool (NFAT). The main scope of Xplico is to extract all application data content from a network capture (pcap file or real-time acquisition). For example, from a pcap file Xplico is able to extract all e-mails carried by the POP and SMTP protocols, and all content carried by the HTTP protocol.

Features

  • Protocols supported: HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...;
  • Port Independent Protocol Identification (PIPI) for each application protocol;
  • Multithreading;
  • Output data and information in SQLite database or MySQL database and/or files;
  • Each data item reassembled by Xplico is associated with an XML file that uniquely identifies the flows and the pcap containing the reassembled data;
  • Real-time elaboration (depends on the number of flows, the types of protocols and the performance of the computer: RAM, CPU, HD access time, ...);
  • TCP reassembly with ACK verification for every packet, or soft ACK verification;
  • Reverse DNS lookup from DNS packets contained in the input files (pcap), not from an external DNS server;
  • No size limit on data entry or on the number of input files (the only limit is HD size).
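The reverse DNS feature above matters for forensic work: names are resolved only from DNS answers that are already inside the capture, so the analyst sees what the hosts saw at capture time and sends no queries of their own to an outside resolver. The following is an added illustration of that idea in Python; it is not Xplico's code and does not reproduce its implementation (Xplico identifies DNS by PIPI, while this example uses the port 53 heuristic). All traffic in it is constructed in memory (TEST-NET-1 addresses, names under the reserved .test TLD), and the helper names are the example's own.

```python
import struct

# Passive reverse DNS from a pcap: resolve names only from DNS responses found in
# the capture itself. Sample traffic below is constructed, not captured.

def _dns_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return out + b"\x00"

def build_dns_message(name, ip=None, txid=0x1234):
    """Build a DNS query (ip=None) or a response carrying one A record."""
    flags = 0x8180 if ip else 0x0100           # QR|RD|RA for a response, RD for a query
    hdr = struct.pack("!HHHHHH", txid, flags, 1, 1 if ip else 0, 0, 0)
    msg = hdr + _dns_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    if ip:
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += bytes(int(o) for o in ip.split("."))
    return msg

def build_udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/UDP frame; checksums left at zero, which the parser ignores."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + udp   # zero MACs, EtherType IPv4

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def sample_capture():
    """Constructed capture: one query, two A-record responses, one non-DNS UDP packet."""
    client, resolver = "192.0.2.100", "192.0.2.53"
    return build_pcap([
        build_udp_frame(client, resolver, 40001, 53, build_dns_message("www.example.test")),
        build_udp_frame(resolver, client, 53, 40001, build_dns_message("www.example.test", "192.0.2.10")),
        build_udp_frame(resolver, client, 53, 40002, build_dns_message("mail.example.test", "192.0.2.20", 0x5678)),
        build_udp_frame(client, "192.0.2.123", 123, 123, b"\x1b" + b"\x00" * 47),  # NTP-shaped, not DNS
    ])

def iter_pcap_frames(data):
    """Yield each captured frame from a classic pcap file, honouring its byte order."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24
    while off + 16 <= len(data):
        _ts, _us, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def read_dns_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                          # compression pointer
            if end is None:
                end = off + 2                              # caller resumes after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("DNS name compression loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def passive_reverse_dns(pcap_bytes):
    """Map IPv4 address -> set of names, using only A answers seen in the capture."""
    mapping = {}
    for frame in iter_pcap_frames(pcap_bytes):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                       # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17:
            continue                                       # not UDP
        udp = ip[ihl:]
        sport, dport = struct.unpack("!HH", udp[:4])
        dns = udp[8:]
        if 53 not in (sport, dport) or len(dns) < 12:      # port heuristic (Xplico uses PIPI)
            continue
        _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", dns[:12])
        if not flags & 0x8000:
            continue                                       # a query, not a response
        off = 12
        for _ in range(qd):
            _name, off = read_dns_name(dns, off)
            off += 4                                       # skip QTYPE, QCLASS
        for _ in range(an):
            name, off = read_dns_name(dns, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", dns[off:off + 10])
            off += 10
            rdata, off = dns[off:off + rdlen], off + rdlen
            if rtype == 1 and rdlen == 4:                  # A record
                mapping.setdefault(".".join(map(str, rdata)), set()).add(name)
    return mapping
```

Running `passive_reverse_dns(sample_capture())` yields 192.0.2.10 → www.example.test and 192.0.2.20 → mail.example.test; the query and the NTP-shaped packet contribute nothing. Because the map is built from answers rather than from a live lookup, it keeps the resolution the monitored hosts actually received, including any poisoned or since-changed records, which is exactly the evidence a network forensic analyst wants to preserve.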