Xplico: concept, features and demo.
Xplico, NFAT. Xplico is an open source Network Forensic Analysis Tool (NFAT). The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, SMTP and some webmail protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer.
Xplico – GNU's State of art Decoded protocols Jan. 2010
Xplico - Layers and protocols supported March 2010
Xplico – Working modes
Offline → PCAP
Online → Network adapter
From CLI or web interface:
johndoe@testbed02:/opt/xplico/bin$ ./xplico -m rltm -i eth0
Xplico – Some screenshots
Xplico - Architecture Dema, Xplico, XI, DB
Xplico - Demo Real time demo of Xplico.
Xplico - Tips & tricks "No checksum verification mode" available (works around untrustworthy software/hardware data acquisition systems). [FOR DEVELOPERS] lastdata.txt, index of decoded information. Non-decoded flows are stored.
Xplico - Resources Downloads: tar.gz (sources), DEB, VirtualBox image. Wiki. Capture samples repository: http://wiki.xplico.org/doku.php?id=pcap:pcap Forum (supported directly and quickly by developers).
Xplico PCAP capture demo of Xplico. Public pcap sample: http://wiki.xplico.org/lib/exe/fetch.php?media=pcap:xplico.org_sample_capture_protocols_supported_in_0.5.5.pcap.bz2
Xplico Roadmap Short term: Gmail and VoIP dissectors. Medium term: IM and P2P dissectors. Long term: advanced acquisition and decoding tools. Contributors are welcome.
Comments and questions.