Xplico v0.5.3 released

The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP and SMTP), all HTTP contents, each VoIP call (SIP), FTP and TFTP transfers, and so on. Xplico is not a network protocol analyzer: it is an open source Network Forensic Analysis Tool (NFAT).

Xplico is released under the GNU General Public License.


Version 0.5.3

  • snoop Packet Capture File Format as input file
  • DNS dissector with graphical representation in Xplico Interface (XI)
  • NNTP dissector
  • PPPOE dissector
  • direct live acquisition from XI
  • new dispatcher named CLI: this dispatcher organizes the extracted data in a tree, one directory per source IP and one subdirectory per protocol, like this:
         xdecode/<ip_src_1>/http
         xdecode/<ip_src_1>/mail/
         xdecode/<ip_src_1>/nntp
         xdecode/<ip_src_1>/ftp
         xdecode/<ip_src_1>/...
         xdecode/<ip_src_2>/http
         xdecode/<ip_src_2>/mail/
         xdecode/<ip_src_2>/nntp
         xdecode/<ip_src_2>/ftp
         xdecode/<ip_src_2>/...
  • default CLI dispatcher in command line execution
  • file extension for the HTTP contents
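The per-source-IP, per-protocol tree laid out above is what a forensic examiner ends up handing to someone else, so the first thing worth doing with it is an inventory with content hashes. The script below is an added example, not part of Xplico or its release; it assumes only the xdecode/<ip_src>/<protocol>/ layout described above, builds a small constructed sample tree in a temporary directory (the file names and contents are invented for the example), and then walks it to produce a manifest of (source IP, protocol, path, size, SHA-256) plus per-IP protocol counts. Directory names that are not valid IP addresses are reported as layout errors rather than silently counted, since anything unexpected under xdecode/ is exactly what an examiner should look at first.

```python
import hashlib
import ipaddress
import os
import tempfile
from collections import defaultdict

# Constructed sample of a CLI-dispatcher output tree (not real Xplico output).
# Relative paths follow xdecode/<ip_src>/<protocol>/<artifact>.
SAMPLE_TREE = {
    "xdecode/10.0.0.5/http/index.html": b"<html>hi</html>",
    "xdecode/10.0.0.5/mail/msg1.eml": b"From: a@example.test\r\n\r\nhello",
    "xdecode/10.0.0.5/ftp/file.bin": b"\x00\x01\x02",
    "xdecode/192.168.1.7/nntp/article.txt": b"Subject: test",
    # Deliberately malformed entry: the first path component is not an IP address.
    "xdecode/not-an-ip/http/x.html": b"junk",
}


def build_sample_tree(root):
    """Materialise SAMPLE_TREE under root so the walker has something to read."""
    for rel, data in SAMPLE_TREE.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)


def sha256_file(path):
    """Stream a file through SHA-256 so large extracted artifacts do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(xdecode_dir):
    """Walk xdecode/<ip_src>/<protocol>/... and return (manifest, counts, errors).

    manifest: sorted list of (ip_src, protocol, relpath, size, sha256)
    counts:   {ip_src: {protocol: number_of_files}}
    errors:   sorted relpaths that do not fit the expected layout
    """
    manifest = []
    counts = defaultdict(lambda: defaultdict(int))
    errors = []
    for dirpath, _, filenames in os.walk(xdecode_dir):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, xdecode_dir)
            parts = rel.split(os.sep)
            # Need at least <ip_src>/<protocol>/<file>.
            if len(parts) < 3:
                errors.append(rel)
                continue
            ip_src, proto = parts[0], parts[1]
            try:
                ipaddress.ip_address(ip_src)  # accepts IPv4 and IPv6 literals
            except ValueError:
                errors.append(rel)
                continue
            manifest.append((ip_src, proto, rel, os.path.getsize(full), sha256_file(full)))
            counts[ip_src][proto] += 1
    manifest.sort()
    return manifest, {ip: dict(p) for ip, p in counts.items()}, sorted(errors)


def write_manifest(manifest, out_path):
    """Write one line per artifact: sha256, size, ip_src, protocol, relative path."""
    with open(out_path, "w") as f:
        for ip_src, proto, rel, size, digest in manifest:
            f.write(f"{digest}  {size}\t{ip_src}\t{proto}\t{rel}\n")


def demo():
    """Build the constructed tree, inventory it and return (counts, errors, n_artifacts)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        manifest, counts, errors = inventory(os.path.join(tmp, "xdecode"))
        write_manifest(manifest, os.path.join(tmp, "manifest.txt"))
        return manifest, counts, errors


if __name__ == "__main__":
    manifest, counts, errors = demo()
    for ip_src, protos in sorted(counts.items()):
        print(ip_src, protos)
    print("layout errors:", errors)
```

Run it against a real capture by pointing `inventory()` at the xdecode directory Xplico produced instead of the constructed tree; the manifest file can then be signed or stored alongside the pcap so that every extracted artifact can be tied back to its source IP and verified later.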


Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only

  • Network Monitoring :

    PCI DSS Requirements 3, 4, SOX DS13.4, HIPAA 164.310(d)(1),
    164.312(a)(2)(iv), FISMA SI-4, AU-2, ISO 27001/27002 12.5.4, 15.1.5

