Xplico - Now with GSM support

EverestX
SX Crew
Joined: 2009/05/15

I wanted to take a second to post this new tool I've been fiddling with lately, XPLICO.

A little info from the Xplico homepage, http://www.xplico.org/:

"The goal of Xplico is extract from an Internet traffic capture the applications data contained.
For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT)."

In a nutshell, it's like Wireshark on crack. Rather than digging through the individual packets and putting them back together, this will dissect and parse the individual protocols and traffic back out to human-readable form. Anyone who has ever reassembled emails like this can vouch for the PITA it is.

Anyone who works in an industry where captures live from the wire, or from a cap file, can see the use and abuse of such a product. You can select specific dissectors for the traffic of interest.

I found a good bit of info on configuring this at the link below.
http://wiki.xplico.org/doku.php/tutorial:0.5.2

I'd highly advise checking out some screenshots at the following link; the interface is very nice. I like the geomap!
http://www.xplico.org/screenshot