词条 | Xplico |
释义 |
| title = | name = Xplico | logo = | logo caption = | screenshot = | caption = | collapsible = | author = | developer = Gianluca Costa & Andrea de Franceschi | released = | discontinued = | latest release version = 1.2.0 | latest release date = {{release date|2017|02|01}}[1] | latest preview version = | latest preview date = | status = | programming language = C, PHP, Python | operating system = Linux | platform = | size = | language = | language count = | language footnote = | genre = Network Forensics | license = GNU General Public License | website = {{URL|http://www.xplico.org/}} | logo_size = | logo_alt = | screenshot_size = | screenshot_alt = | frequently updated = }} Xplico is a network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer (e.g. Wireshark, tcpdump, Netsniff-ng). Unlike the protocol analyzer, whose main characteristic is not the reconstruction of the data carried by the protocols, Xplico was born expressly with the aim to reconstruct the protocol's application data and it is able to recognize the protocols with a technique named Port Independent Protocol Identification (PIPI).[2] The name "xplico" refers to the Latin verb explico and its significance. Xplico is free and open-source software, subject to the requirements of the GNU General Public License (GPL), version 2.[3] OverviewTo clarify what Xplico does we can imagine to have the raw data (Ethernet or PPP) of a web navigation (HTTP protocol), in this case Xplico is able to extract and reconstruct all the Web pages and contents (images, files, cookies, and so on). Similarly Xplico is able to reconstruct the e-mail exchanged with the IMAP, POP, and SMTP protocols. Among the protocols that Xplico identifies and reconstructs there are VoIP, MSN, IRC, HTTP, IMAP, POP, SMTP, and FTP. FeaturesSoftware architectureThe Xplico's software architecture provides:
With the output module Xplico can have different user interfaces, in fact it can be used from command line and from a web user interface called "Xplico Interface". The protocol dissector is the modules for the decoding of the individual protocol, each protocol dissector can reconstruct and extract the data of the protocol. All modules are plug-in and, through the configuration file, they can be loaded or not during execution of the program. This allows to focus the decoding, that is, if you want to decode only VoIP calls but not the Web traffic then you configure Xplico to load only the RTP and SIP modules excluding the HTTP module.[4] Large scale pcap data analysisAnother feature of Xplico is its ability to process (reconstruct) huge amounts of data: it is able to manage pcap files of multiple gigabytes and even terabytes from multiple capture probes simultaneously. This is thanks to the use of various types of "input modules". The pcap files can be uploaded in many ways, directly from the Xplico Web user interface, with a SFTP or with a transmission channel called PCAP-over-IP. For these features Xplico is used in the contexts of Lawful interception [5][6] and in Network Forensics.[7] VoIP callsXplico and also its specific version called pcap2wav is able to decode VoIP calls based on the RTP protocol (SIP, H323, MGCP, SKINNY) and supports the decodidica of audio codecs G711ulaw, G711alaw, G722, G729, G723, G726, and MSRTA (Microsoft's Real-time audio).[8] Basic commands working from command lineIn these examples, it is assumed that eth0 is the used network interface.
in all cases the data decoded are stored in the a directory named xdecode. With the parameter -m we can select the "input module" type. The input module named rltm acquires the data directly from the network interface, vice versa the input module named pcap acquires data form pcap files or directory. DistributionsXplico is installed by default in the major distributions of digital forensics and penetration testing:
See also
References1. ^http://www.xplico.org/archives/1513 2. ^{{cite web |url=http://holisticinfosec.org/toolsmith/pdf/june2011.pdf |title=ISSA Journal |accessdate=2012-06-01}} 3. ^{{cite web|url=http://www.xplico.org/docs/license|title=Xplico License}} 4. ^{{Cite book| publisher = Apogeo| isbn = 978-88-503-2816-1| pages = 5, 227, 278, 369–370| last = Gabriele Faggioli| first = Andrea Ghirardini| title = Computer Forensics| location = Italy| year = 2009}} 5. ^{{cite web |url=http://www.it.uc3m.es/~muruenya/papers/MCSS10XplicoAlerts.pdf |title=On detecting Internet-based criminal threats (European FP7-SEC Project INDECT) |accessdate=2017-05-09}} 6. ^{{cite web |url=http://e-archivo.uc3m.es/handle/10016/10370 |title=Sistema de interceptación y análisis de comunicaciones) |}} 7. ^{{Cite book| isbn = 978-1597494724| last = Cameron H. Malin| first = Eoghan Casey BS MA| title = Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides| year = 2012}} 8. ^pcap2wav Xplico interface http://www.xplico.org/archives/1287 9. ^Kali, Xplico as a package. 10. ^{{cite web |url=http://redmine.backtrack-linux.org:8080/issues/529 |title=Backtrack 5}} 11. ^{{cite web|url=http://www.deftlinux.net/projects/ |title=Projects DEFT Linux |deadurl=yes |archiveurl=https://web.archive.org/web/20120618120019/http://www.deftlinux.net/projects/ |archivedate=June 18, 2012 }} 12. ^{{cite web |url=http://www.cert.org/forensics/tools/ |title=Linux Forensics Tools Repository}} External links
5 : Free software programmed in C|Network analyzers|Free network management software|Unix network-related software|Linux-only software |
随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。