Xplico

Xplico is a Network Forensic Analysis Tool (NFAT): software that reconstructs the contents of captures made with a packet sniffer (such as Wireshark or tcpdump).
Unlike protocol analyzers, whose main purpose is not the reconstruction of the data carried by protocols, Xplico was created expressly to reconstruct the application data that protocols carry, and it can identify protocols regardless of the port in use by means of Port Independent Protocol Identification (PIPI) techniques.
To illustrate what Xplico does, take HTTP as an example: from the raw packets (Ethernet or PPP) acquired by a packet sniffer, Xplico extracts and reconstructs all the pages and web content. Similarly, for the POP, IMAP and SMTP protocols, Xplico reconstructs the e-mails exchanged.

This software is released under an Open Source license and is only compatible with Linux.

The protocols that Xplico identifies, and whose application data it reconstructs, include HTTP, SIP, IMAP, POP, SMTP and FTP. For a complete and updated list, see the official site.
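
The following added example, which is not Xplico's code or algorithm, illustrates port-independent identification for the six protocols named above by classifying a flow from the first bytes each side sends and ignoring the port. The `identify` function, the signatures and the sample flows are constructed for illustration.

```python
import re

# Request-line signatures: method, target, then a protocol version token.
HTTP_REQ = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")
SIP_REQ = re.compile(rb"^[A-Z]+ \S+ SIP/2\.0\r\n")
# A "220" greeting is shared by SMTP and FTP; the client's first verb decides.
GREETING_220 = re.compile(rb"^220[ -]")
SMTP_VERBS = (b"EHLO", b"HELO")
FTP_VERBS = (b"USER", b"FEAT", b"AUTH")

def identify(client: bytes, server: bytes) -> str:
    """Guess the application protocol from the first bytes of each direction."""
    if HTTP_REQ.match(client):
        return "HTTP"
    if SIP_REQ.match(client):
        return "SIP"
    if server.startswith(b"+OK"):
        return "POP"
    if server.startswith(b"* OK"):
        return "IMAP"
    if GREETING_220.match(server):
        verb = client[:4].upper()
        if verb in SMTP_VERBS:
            return "SMTP"
        if verb in FTP_VERBS:
            return "FTP"
    return "UNKNOWN"

# Constructed sample flows: (server port, client bytes, server bytes).
# Ports are deliberately misleading; the classifier never looks at them.
FLOWS = [
    (8081, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
    (443, b"USER alice\r\n", b"220 files.example.test ready\r\n"),
    (80, b"EHLO client.example.test\r\n", b"220 mail.example.test ESMTP\r\n"),
    (2110, b"USER alice\r\n", b"+OK POP3 ready\r\n"),
    (8143, b"a1 LOGIN alice secret\r\n", b"* OK IMAP4rev1 ready\r\n"),
    (5000, b"OPTIONS sip:bob@example.test SIP/2.0\r\n", b"SIP/2.0 200 OK\r\n"),
    (25, b"\x16\x03\x01\x00\xa5", b""),  # binary data on the SMTP port
]

def classify_all(flows=FLOWS):
    """Return (port, protocol) pairs; the port is reported but never used."""
    return [(port, identify(c, s)) for port, c, s in flows]

if __name__ == "__main__":
    for port, proto in classify_all():
        print(f"port {port}: {proto}")
```

The flows on ports 443 and 2110 both open with `USER alice`, so only the server greeting separates FTP from POP, and the binary flow on port 25 is reported as unknown rather than assumed to be SMTP.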
 