Cbrdiv/xplico


General Information
------- -----------

Xplico is a Network Forensic Analysis Tool (NFAT) for Unix and
Unix-like operating systems.  It uses libpcap, a packet capture and filtering library.


The official home of Xplico is

    http://www.xplico.org

The latest distribution can be found in the subdirectory

    http://www.xplico.org/download


Installation
------------

Xplico is known to compile and run on the following systems:

  - Linux (2.4 and later kernels, various distributions)
  - CPU target: x86 multicore (Xplico uses all CPUs)
                ARM
                XScale


Full installation instructions can be found in the INSTALL file.
         

Usage
-----
We describe here only console mode; if you use the Web interface, see INSTALL
and run /opt/xplico/script/sqlite_demo.sh with root permissions.

In console mode Xplico can decode a single pcap file, a directory of pcap files,
or capture and decode in realtime from an ethernet interface (eth0, eth1, ...).
The input type is selected with the '-m' option, which loads a particular
Xplico capture interface (capture module).
The available capture interfaces are 'pcap' and 'rltm'. Running "./xplico -h -m pcap" prints
the help for the pcap interface, and "./xplico -h -m rltm" prints the help for the realtime interface.
Note that realtime capture opens the interface through libpcap, so it must be run as root
(or with the CAP_NET_RAW capability on Linux).
In console mode all files extracted by Xplico are placed in the 'tmp/xplico/' directory; every
protocol has its own subdirectory, and inside that directory you find the decoded data.
For example:
 - to decode test.pcap, launch this command:
       ./xplico  -m pcap -f test.pcap
   at the end of decoding your files are in xdecode/ip/http, xdecode/ip/pop, xdecode/ip/smtp, ...
   and the kml file (Google Earth) is in xdecode/ip/

 - to decode a directory "/tmp/test" containing many pcap files, launch this command:
       ./xplico  -m pcap -d /tmp/test
   at the end of decoding your files are in xdecode/ip/http, xdecode/ip/pop, xdecode/ip/smtp, ...
   and the kml file (Google Earth) is in xdecode/ip/

 - to decode eth0 in realtime, the command is:
       ./xplico  -m rltm -i eth0
   to stop the acquisition press ^C. Decoding happens in realtime, and at the end your files are in xdecode/ip/http,
   xdecode/ip/pop, xdecode/ip/smtp, ...
   and the kml file (Google Earth) is in xdecode/

Xplico has many decoding modules; they live in the 'modules' directory. To enable or disable
a module, edit the xplico.cfg file (by default in the ./config/ directory).
The GeoMap file (kml) for Google Earth is updated every 30 seconds.

./xplico -g prints a graph of the relations between the dissectors.
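The following is an added example and not part of Xplico itself: a small POSIX shell
wrapper around the console-mode invocations above. It picks the capture module from the kind
of input given (pcap file, directory of pcaps, or interface name), and after a run it
inventories the extracted artifacts per protocol directory and hashes every file so the
decoded output can be tied to the original capture later. It assumes the xplico binary is at
./xplico (override with XPLICO) and that the output tree is laid out as xdecode/ip/<protocol>/
as in the examples above (override with OUT); the function names and the sample tree built
in the usage section are this example's own.

```shell
#!/bin/sh
# Added example (not Xplico's own code). Assumptions: the xplico binary is
# at $XPLICO (default ./xplico) and decoded files land under $OUT, one
# subdirectory per protocol (http, pop, smtp, ...), as in the README.
XPLICO="${XPLICO:-./xplico}"
OUT="${OUT:-xdecode/ip}"

# Print the xplico command line for the given input. A regular file is
# decoded with the pcap module, a directory of pcaps with "-d", and a
# name that exists under /sys/class/net is treated as a live interface
# (rltm module). Anything else is rejected with status 2.
xplico_cmd() {
    in="$1"
    if [ -f "$in" ]; then
        printf '%s -m pcap -f %s\n' "$XPLICO" "$in"
    elif [ -d "$in" ]; then
        printf '%s -m pcap -d %s\n' "$XPLICO" "$in"
    elif [ -e "/sys/class/net/$in" ]; then
        # Live capture needs root or CAP_NET_RAW; warn instead of failing
        # silently inside xplico.
        [ "$(id -u)" -eq 0 ] || echo "warning: realtime capture on $in needs root" >&2
        printf '%s -m rltm -i %s\n' "$XPLICO" "$in"
    else
        echo "xplico_cmd: '$in' is not a pcap file, a directory or an interface" >&2
        return 2
    fi
}

# Run xplico on the input (prints the command first so it ends up in the
# shell transcript of the analysis).
xplico_run() {
    cmd=$(xplico_cmd "$1") || return $?
    echo "+ $cmd"
    # shellcheck disable=SC2086
    $cmd
}

# Portable SHA-256 of one file (GNU coreutils or BSD/macOS shasum).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# Hash every extracted file below the output directory, in a stable
# order, so the listing can be archived next to the capture's own hash.
inventory_decoded() {
    dir="${1:-$OUT}"
    [ -d "$dir" ] || { echo "inventory_decoded: no output directory $dir" >&2; return 1; }
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        hash_file "$f"
    done
}

# Number of extracted files per protocol subdirectory ("http 12", ...).
count_per_protocol() {
    dir="${1:-$OUT}"
    for p in "$dir"/*/; do
        [ -d "$p" ] || continue
        n=$(find "$p" -type f | wc -l | tr -d ' ')
        printf '%s %s\n' "$(basename "$p")" "$n"
    done
}

# Usage (an actual run needs the xplico binary):
#   xplico_run test.pcap && count_per_protocol && inventory_decoded > decoded.sha256
```

The interface check relies on /sys/class/net, so it only recognises live interfaces on
Linux; on other systems pass a file or directory, or call xplico directly with -m rltm.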


How to Report a Bug
-------------------
Xplico is still under constant development, so it is possible that you will
encounter a bug while using it. Please report bugs to bug@xplico.org .

Disclaimer
----------

There is no warranty, expressed or implied, associated with this product.
Use at your own risk.


Gianluca Costa
