Xplico is an enhanced open source Network Forensic Analysis Tool (NFAT). It extracts vital information from a pcap file for forensic analysis: Xplico can extract email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), and so on.
Some of the Xplico features include:
• Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6
• Port Independent Protocol Identification (PIPI) for each application protocol
• Multi-threading
• Output data and information in SQLite database or MySQL database and/or files
• Each piece of data reassembled by Xplico is associated with an XML file that uniquely identifies the flows and the pcap containing the reassembled data
• Real-time processing (depends on the number of flows, the types of protocols, and the performance of the computer: RAM, CPU, HD access time, …)
• TCP reassembly with ACK verification for any packet or soft ACK verification
• Reverse DNS lookup from DNS packets contained in the input files (pcap), not from an external DNS server
• No size limit on input data or on the number of input files (the only limit is HD size)
Hi, Amazing! It is not clear to me how often you are updating your bharath.bitupdate.com.
Thank you
Greetings, Super post. Need to mark it on Digg.