The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

Xplico is released under the GNU General Public License and with some scripts under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) License and It allows concurrent access by multiple users. Any user can manage one or more Cases.

Features:

• Port Independent Protocol Identification (PIPI) for each application protocol

• Multithreading

• Output data and information in SQLite database or Mysql database and/or files

• At each data reassembled by Xplico is associated an XML file that uniquely identifies the flows and the pcap containing the data reassembled

• Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer -RAM, CPU, HD access time, …-)

• TCP reassembly with ACK verification for any packet or soft ACK verification

• Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server

• No size limit on data entry or the number of files entrance (the only limit is HD size)

• IPv4 and IPv6 support

• Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcher) are all modules

• The ability to easily create any kind of dispatcher with which to organize the data extracted in the most appropriate and useful to you

Install

sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE
sudo apt-get update
sudo apt-get install xplico