Description:

A lot of times when we audit network traffic, we are left with huge dumps of PCAP trace files and we just wish we could do something meaningful with them. Xplico, a recently released tool by Gianluca Costa & Andrea De Franceschi, addresses this problem head-on. Xplico is a Network Forensic Analysis Tool (NFAT) released under the GNU GPL. The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer.

In this two-part video demo of Xplico created by Bricowifi, we will see how to get started with the tool and analyze traffic live or from an offline pcap file. Bricowifi demonstrates how images, videos, FTP passwords and a host of other things can be retrieved from pcap files using Xplico. I highly recommend watching the 2 videos to sample the powerful capabilities with which Xplico ships.

Also, Bricowifi has created a detailed tutorial on Xplico usage in French here. You can download Xplico from their site here. I would highly recommend this tool to anyone who is serious about analyzing flows and data in pcap files. Enjoy!