Description:
Often, when we audit network traffic, we are left with huge PCAP trace files and wish we could do something meaningful with them.
Xplico, a recently released tool by Gianluca Costa & Andrea De Franceschi, addresses this problem head-on. Xplico is a Network Forensic Analysis Tool (NFAT) released under the GNU GPL. The goal of Xplico is to extract from an Internet traffic capture the application data it contains. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer.
In this two-part video demo of Xplico created by Bricowifi, we will see how to get started with the tool and analyze traffic live or from an offline pcap file. Bricowifi demonstrates how images, videos, FTP passwords and a host of other things can be retrieved from pcap files using Xplico. I highly recommend watching the two videos to sample the powerful capabilities with which Xplico ships. Also, Bricowifi has created a detailed tutorial on Xplico usage in French here.
You can download Xplico from their site here. I would highly recommend this tool to anyone who is serious about analyzing flows and data in pcap files. Enjoy!
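To make concrete what "extracting application data from a capture" means, here is a small added example (my own code, not Xplico's, and far simpler than what Xplico does) that walks a classic pcap file with nothing but the Python standard library, groups TCP payloads per flow, and pulls out HTTP request lines with their Host header and FTP USER/PASS commands. The pcap bytes are constructed inline with hypothetical 192.0.2.x addresses so it runs offline; flow reassembly is deliberately naive (payloads appended in capture order, no sequence-number handling), which is one of the things a real NFAT has to get right. For the FTP case it only reports that a cleartext password transited, which is the finding a defender actually needs.

```python
"""Minimal pcap application-data extractor (added example, not Xplico's code)."""
import re
import struct
from collections import defaultdict


def parse_pcap(data):
    """Yield raw link-layer frames from a classic (non-pcapng) pcap buffer."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"          # little-endian file
    elif magic == 0xD4C3B2A1:
        endian = ">"          # big-endian file
    else:
        raise ValueError("not a classic pcap file")
    off = 24                  # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """Return (src, sport, dst, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length
    if frame[23] != 6:                                    # IP protocol 6 = TCP
        return None
    ip_total = struct.unpack_from("!H", frame, 16)[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp_off = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4             # TCP header length
    return src, sport, dst, dport, frame[tcp_off + data_off:14 + ip_total]


HTTP_REQ = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/1\.[01]\r?$", re.M)


def extract_artifacts(pcap):
    """Group payloads per TCP flow and pull out HTTP requests and FTP logins.
    Reassembly is naive (capture order, no seq numbers) - fine for this sample only."""
    flows = defaultdict(bytearray)
    for frame in parse_pcap(pcap):
        parsed = tcp_payload(frame)
        if parsed and parsed[4]:
            src, sport, dst, dport, payload = parsed
            flows[(src, sport, dst, dport)] += payload
    found = {"http_requests": [], "ftp_logins": []}
    for (src, sport, dst, dport), stream in flows.items():
        stream = bytes(stream)
        if dport in (80, 8080):
            for m in HTTP_REQ.finditer(stream):
                end = stream.find(b"\r\n\r\n", m.end())
                headers = stream[m.end():end if end != -1 else len(stream)]
                host = re.search(rb"^Host: (\S+)\r?$", headers, re.M)
                found["http_requests"].append({
                    "client": src, "server": dst,
                    "method": m.group(1).decode(), "path": m.group(2).decode(),
                    "host": host.group(1).decode() if host else None})
        elif dport == 21:
            user = re.search(rb"^USER (\S+)\r?$", stream, re.M)
            pwd = re.search(rb"^PASS (\S+)\r?$", stream, re.M)
            if user:
                found["ftp_logins"].append({
                    "client": src, "server": dst, "user": user.group(1).decode(),
                    "cleartext_password_seen": pwd is not None})  # value deliberately not reported
    return found


def build_frame(src, sport, dst, dport, payload):
    """Construct an Ethernet/IPv4/TCP frame (sample data; checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for f in frames:
        out.append(struct.pack("<IIII", 0, 0, len(f), len(f)) + f)
    return b"".join(out)


def sample_pcap():
    """Constructed capture: one HTTP GET and one FTP login (not a real trace)."""
    http = (b"GET /images/logo.png HTTP/1.1\r\nHost: intranet.example.test\r\n"
            b"User-Agent: curl/7.0\r\n\r\n")
    return build_pcap([
        build_frame("192.0.2.10", 51000, "192.0.2.80", 80, http),
        build_frame("192.0.2.10", 51001, "192.0.2.21", 21, b"USER alice\r\n"),
        build_frame("192.0.2.10", 51001, "192.0.2.21", 21, b"PASS hunter2\r\n"),
    ])


if __name__ == "__main__":
    for kind, items in extract_artifacts(sample_pcap()).items():
        for item in items:
            print(kind, item)
```

Running it prints one HTTP request (client, server, method, path, Host) and one FTP login record flagging that a cleartext password was observed. Swapping `sample_pcap()` for `open("trace.pcap", "rb").read()` works on real single-segment traffic, but multi-segment streams need proper TCP reassembly, which is exactly the heavy lifting a tool like Xplico takes off your hands.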
Tags: tools
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Comments: