
[Forensics Tools] Xplico


Network analysis tool (Xplico)

■ Package Description

The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each e-mail (POP, IMAP and SMTP protocols), all HTTP content, each VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on. Xplico is not a network protocol analyzer.


■ OPTIONS

# xplico -h
xplico v1.0.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2012 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available
from http://www.maxmind.com/.

usage: xplico [-v] [-c <config_file>] [-h] [-g] [-l] [-i <prot>] -m <capute_module>
    -v version
    -c config file
    -h this help
    -i info of protocol 'prot'
    -g display graph-tree of protocols
    -l print all log in the screen
    -m capture type module
    NOTE: parameters MUST respect this order!


[EX] Usage example

# xplico -m rltm -i eth0
xplico v1.0.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2012 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available
from http://www.maxmind.com/.

Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
GeoLiteCity.dat found!
pcapf: running: 0/0, subflow:0/0, tot pkt:1
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:1
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:0
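As an added example (not from this post or the Xplico project), a small Python parser for the per-dissector status lines Xplico prints, as shown above. It lets a script check which dissectors have actually handled packets, so an empty decode result can be distinguished from a capture that never reached the dissector. The sample input is constructed from the lines on this page.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample: the tail of the `xplico -m rltm -i eth0` output shown
# above, including two non-status lines that the parser must skip.
SAMPLE_STATUS = """\
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
GeoLiteCity.dat found!
pcapf: running: 0/0, subflow:0/0, tot pkt:1
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:1
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:0
"""

# One status line: "<dissector>: running: a/b, subflow:c/d, tot pkt:n"
STATUS_RE = re.compile(
    r"^(?P<name>\w+): running: (?P<run>\d+)/(?P<run_max>\d+), "
    r"subflow:(?P<sub>\d+)/(?P<sub_max>\d+), tot pkt:(?P<pkts>\d+)$"
)


class DissectorStatus(NamedTuple):
    running: int
    running_max: int
    subflow: int
    subflow_max: int
    total_packets: int


def parse_status(text: str) -> Dict[str, DissectorStatus]:
    """Map dissector name -> counters; banner and notice lines are ignored."""
    result: Dict[str, DissectorStatus] = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            result[m["name"]] = DissectorStatus(
                int(m["run"]), int(m["run_max"]),
                int(m["sub"]), int(m["sub_max"]), int(m["pkts"]),
            )
    return result


def active_dissectors(statuses: Dict[str, DissectorStatus]) -> List[str]:
    """Names of dissectors that have processed at least one packet."""
    return sorted(n for n, s in statuses.items() if s.total_packets > 0)


if __name__ == "__main__":
    print(active_dissectors(parse_status(SAMPLE_STATUS)))
```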