Xplico

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). Features - Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, …; - Port Independent Protocol Identification (PIPI) for each application protocol; - Multithreading; - Output data and information in SQLite database or Mysql database and/or files; - At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled; - Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer -RAM, CPU, HD access time, …-); - TCP reassembly with ACK verification for any packet or soft ACK verification; - Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server; - No size limit on data entry or the number of files entrance (the only limit is HD size); - IPv4 and IPv6 support; - Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcher) are all modules; - The ability to easily create any kind of dispatcher with which to organize the data extracted in the most appropriate and useful to you;