Difference between revisions of "Xplico"

From ForensicsWiki
Jump to: navigation, search
 
Line 12: Line 12:
 
             <ul>
 
             <ul>
 
               <li>Protocols supported: [http://www.xplico.org/status HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...];</li>
 
               <li>Protocols supported: [http://www.xplico.org/status HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...];</li>
 +
              <li> VoIP audio codecs supported: G711ulaw, G711alaw, G722, G729, G723, G726 and MSRTA (x-msrta:Real Time Audio)
 
               <li>Port Independent Protocol Identification (PIPI) for each application protocol;</li>
 
               <li>Port Independent Protocol Identification (PIPI) for each application protocol;</li>
 
               <li>Multithreading;</li>
 
               <li>Multithreading;</li>
Line 21: Line 22:
 
               <li>No size limit on data entry or the number of files entrance (the only limit is HD size).</li>
 
               <li>No size limit on data entry or the number of files entrance (the only limit is HD size).</li>
 
             </ul>
 
             </ul>
 +
 +
<h2>Demo and Cloud computing</h2>
 +
<ul>
 +
    <li>Demo with full features: [http://demo.xplico.org Demo]</li>
 +
    <li>VoIP decoding, from pcap to wav file:  [http://pcap2wav.xplico.org pcap2wav]</li>
 +
</ul>

Latest revision as of 03:42, 11 June 2012

Xplico
Maintainer: Gianluca Costa & Andrea de Franceschi
OS: Linux
Genre: Analysis
License: GPL
Website: www.xplico.org

The Xplico is a Network Forensic Analysis Tool (NFAT). The main scope of Xplico is to extract all application data content from a network capture (pcap file or real-time acquisition). For example, Xplico is able to extract all e-mails carried by the POP and SMTP protocols, and all content carried by HTTP protocol from a pcap file.

Features

  • Protocols supported: HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...;
  • VoIP audio codecs supported: G711ulaw, G711alaw, G722, G729, G723, G726 and MSRTA (x-msrta:Real Time Audio)
  • Port Independent Protocol Identification (PIPI) for each application protocol;
  • Multithreading;
  • Output data and information in SQLite database or MySQL database and/or files;
  • At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled;
  • Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer ---RAM, CPU, HD access time, ...--- );
  • TCP reassembly with ACK verification for any packet or soft ACK verification;
  • Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;
  • No size limit on data entry or the number of files entrance (the only limit is HD size).

Demo and Cloud computing

  • Demo with full features: Demo
  • VoIP decoding, from pcap to wav file: pcap2wav