Difference between revisions of "Xplico"

From ForensicsWiki
Revision as of 10:51, 8 October 2008

Xplico
Maintainer: Gianluca Costa & Andrea de Franceschi
OS: Linux
Genre: Analysis
License: GPL
Website: www.xplico.org

Xplico is a Network Forensic Analysis Tool (NFAT). Its main purpose is to extract all application-layer data content from a network capture (a pcap file or a real-time acquisition). For example, from a pcap file Xplico can extract every e-mail carried over the POP and SMTP protocols and every object carried over HTTP.

Features

  • Protocols supported: HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...;
  • Port Independent Protocol Identification (PIPI) for each application protocol;
  • Multithreading;
  • Output data and information in SQLite database or MySQL database and/or files;
  • Each piece of data reassembled by Xplico has an associated XML file that uniquely identifies the flows and the pcap file the reassembled data came from;
  • Real-time processing (throughput depends on the number of flows, the protocols involved and the performance of the machine: RAM, CPU, disk access time, ...);
  • TCP reassembly with ACK verification of every packet, or with soft ACK verification;
  • Reverse DNS lookup from the DNS packets contained in the input pcap files, not from an external DNS server;
  • No limit on the size of the input data or the number of input files (the only limit is disk size).
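The reverse-DNS feature above is worth a closer look because it matters forensically: resolving an address from the DNS answers the monitored host actually received tells the analyst what name that host saw at capture time, whereas querying an external resolver today may return a different answer and also leaks the addresses under investigation to a third party. The following Python is an added example of how such an offline resolver works; it is not Xplico's own code. It assumes the caller has already extracted raw DNS response payloads (UDP port 53 data) from the capture; the sample message is constructed inline and uses documentation-range addresses.

```python
import struct
import ipaddress

TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28


def read_name(msg, off):
    """Decode a DNS name starting at offset `off`, following RFC 1035
    compression pointers. Returns (dotted_name, offset_after_name)."""
    labels = []
    end = None          # offset just past the name in the *original* position
    hops = 0
    while True:
        length = msg[off]               # IndexError on truncated input
        if length & 0xC0 == 0xC0:       # compression pointer
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:                 # root label terminates the name
            if end is None:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg):
    """Return [(owner, rtype, rdata)] for A, AAAA and CNAME records in one
    DNS response message. Queries (QR bit clear) yield nothing."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        return []
    off = 12
    for _ in range(qd):                 # skip question section
        _, off = read_name(msg, off)
        off += 4                        # QTYPE + QCLASS
    records = []
    for _ in range(an + ns + ar):       # answer, authority and additional sections
        owner, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata_off = off
        off += rdlen
        if rtype in (TYPE_A, TYPE_AAAA):
            records.append((owner, rtype, str(ipaddress.ip_address(msg[rdata_off:off]))))
        elif rtype == TYPE_CNAME:       # RDATA is a (possibly compressed) name
            target, _ = read_name(msg, rdata_off)
            records.append((owner, rtype, target))
    return records


class CaptureResolver:
    """IP -> name map built only from DNS answers seen in the capture."""

    def __init__(self):
        self.ip_to_names = {}           # address -> {owner names of A/AAAA records}
        self.cname_aliases = {}         # canonical name -> {aliases pointing at it}

    def feed(self, msg):
        """Ingest one DNS payload; malformed data is skipped, not fatal.
        Returns the number of records learned."""
        try:
            records = parse_response(msg)
        except (ValueError, struct.error, IndexError, UnicodeDecodeError):
            return 0
        for owner, rtype, data in records:
            if rtype == TYPE_CNAME:
                self.cname_aliases.setdefault(data.lower(), set()).add(owner.lower())
            else:
                self.ip_to_names.setdefault(data, set()).add(owner.lower())
        return len(records)

    def reverse(self, ip):
        """All names the capture associated with `ip`, including CNAME aliases."""
        names, stack = set(), list(self.ip_to_names.get(ip, ()))
        while stack:
            name = stack.pop()
            if name not in names:
                names.add(name)
                stack.extend(self.cname_aliases.get(name, ()))
        return sorted(names)


def build_resolver(messages):
    resolver = CaptureResolver()
    for msg in messages:
        resolver.feed(msg)
    return resolver


def _name(s):
    """Encode a dotted name in uncompressed wire format (used to build the sample)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\x00"


# Constructed sample response: www.example.com CNAME example.com, example.com A 203.0.113.10.
# 0xC00C points at the question name (offset 12); 0xC010 at its "example.com" suffix (offset 16).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    + _name("www.example.com") + struct.pack("!HH", TYPE_A, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_CNAME, 1, 300, 2) + b"\xc0\x10"
    + b"\xc0\x10" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([203, 0, 113, 10])
)

if __name__ == "__main__":
    print(build_resolver([SAMPLE_RESPONSE]).reverse("203.0.113.10"))
```

Feeding every DNS response payload from the capture through `feed()` and calling `reverse()` on each address of interest reproduces the behaviour the feature list describes: an address with no answer in the capture simply stays unresolved rather than triggering a live lookup. The alias walk in `reverse()` is what lets a CDN address be tied back to the hostname the user typed, not just to the CNAME target.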