Xplico is a Network Forensic Analysis Tool (NFAT). It uses Port Independent Protocol Identification (PIPI) to recognize protocols regardless of the port they run on, and then reconstructs the application data carried in the traffic. The software is free and open source, released under the GNU General Public License version 2. From an internet traffic capture Xplico extracts and rebuilds the application data it contains, for example web pages together with their images, files and cookies. This article introduces Xplico and shows how to install it on Kali Linux. If you need a machine to run it on, Eldernode offers Linux VPS packages.
Introducing Xplico On Kali Linux
Xplico Features
1- Protocol support includes HTTP, SIP, POP, IMAP, SMTP, TCP, UDP, IPv6 and many more.
2- Multithreaded.
3- Output of data and information to an SQLite database, a MySQL database, and/or plain files.
4- Real-time elaboration; throughput depends on the number of flows, the protocols involved, and the host's RAM, CPU and disk access time.
5- TCP reassembly with ACK verification for every packet, or with soft ACK verification; TCP/IP protocol decoder.
6- Reverse DNS lookup uses the DNS packets contained in the input files, not an external DNS server, so analysis of a capture stays offline and does not reveal to a resolver which hosts you are investigating.
7- No limit on the size of the input data or the number of input files; the only limit is disk space.
8- IPv4 and IPv6 support.
9- Fully modular: input interfaces, protocol decoders and output interfaces are all modules.
10- New dispatchers are easy to write, so extracted data can be organized in whatever form is most useful to you.
11- Categorized as a network and digital forensics tool, packet sniffer and PCAP parser.
12- Classifies more than 140 application protocols.
Xplico Modules
Xplico reads traffic data, dissects it according to the protocols it finds, and dispatches the extracted information to a chosen output destination. Each of these three stages is a type of module (a plugin loaded at run time), described below.
Capture modules: in principle these allow interfacing to any type of data acquisition system, such as pcap files or live network interfaces. They live in the capt_dissectors top-level directory.
Dissector modules: one subdirectory per supported protocol (eth, ip, tcp, and so on) under the dissectors top-level directory. Each decodes its protocol and extracts protocol-specific information from the traffic.
Dispatcher modules: in principle these allow interfacing to any type of data storage system: directories and files, SQLite, Oracle, MySQL, PostgreSQL, or a remote system reached over a socket connection. Because the dispatcher is separate from the dissectors, a new storage back end can be added without modifying them. They live in the dispatch top-level directory.
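The module chain in miniature, as an added example written for this article rather than code from the Xplico project: a capture module that reads a classic pcap, dissectors for IPv4/UDP and DNS, and a dispatcher that writes flows to SQLite, one of Xplico's output back ends (features 3 and 6 in the list above). The host names attached to flows come only from DNS responses present in the capture, which is the offline reverse lookup the feature list describes. The sample traffic, the addresses (documentation ranges) and the table layout are all constructed for the example.

```python
# Added example, not Xplico's code. A toy pipeline shaped like Xplico's three module types:
# capture (pcap reader) -> dissectors (IPv4/UDP, DNS) -> dispatcher (SQLite). Host names are
# learned only from DNS responses inside the capture, never from a live resolver. The sample
# traffic below is constructed so the script runs offline.
import socket
import sqlite3
import struct

def _eth_ipv4_udp(src, dst, sport, dport, payload):
    # Checksums left at 0; the toy dissectors below do not verify them.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes.fromhex("001122334455" "66778899aabb" "0800") + ip + udp

def build_sample_pcap():
    """Constructed capture: a DNS answer (example.test -> 192.0.2.10), then a UDP flow to it."""
    # The answer's owner name is a compression pointer (0xC00C) to the question name at offset 12.
    dns = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + b"\x07example\x04test\x00"
           + struct.pack("!HH", 1, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
           + socket.inet_aton("192.0.2.10"))
    frames = [_eth_ipv4_udp("192.0.2.53", "10.0.0.7", 53, 41000, dns),
              _eth_ipv4_udp("10.0.0.7", "192.0.2.10", 51000, 514, b"<13>hello")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def capture_pcap(data):
    """Capture module: yield (timestamp, frame) from classic pcap bytes; Ethernet link type only."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("not a classic pcap file with Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        yield sec + usec / 1e6, data[off + 16:off + 16 + incl]
        off += 16 + incl

def dissect_ipv4_udp(pkt):
    """Dissector: IPv4+UDP headers -> dict; None for anything else or a truncated packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if len(pkt) < ihl + 8:
        return None
    sport, dport, ulen, _csum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "sport": sport, "dport": dport, "payload": pkt[ihl + 8:min(total, ihl + ulen)]}

def _read_name(msg, off, depth=0):
    # RFC 1035 labels plus compression pointers; the depth bound defeats pointer loops.
    if depth > 8:
        raise ValueError("DNS name compression loop")
    labels = []
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [_read_name(msg, ptr, depth + 1)[0]]), off + 2
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    return ".".join(labels), off + 1

def dissect_dns(payload):
    """Dissector: [(name, ipv4)] from the A answers of a DNS response; None if not a response."""
    if len(payload) < 12 or not struct.unpack("!H", payload[2:4])[0] & 0x8000:
        return None
    qd, an = struct.unpack("!HH", payload[4:8])
    off, answers = 12, []
    for _ in range(qd):
        off = _read_name(payload, off)[1] + 4            # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = _read_name(payload, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[off:off + 10])
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, socket.inet_ntoa(payload[off + 10:off + 14])))
        off += 10 + rdlen
    return answers

class SqliteDispatcher:
    """Dispatcher: flows go to SQLite, destinations tagged with names seen in captured DNS."""
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE flows(ts REAL, src TEXT, dst TEXT, sport INT, dport INT, dst_name TEXT)")
        self.names = {}                                  # ip -> name, learned only from the capture
    def flow(self, ts, udp):
        self.db.execute("INSERT INTO flows VALUES (?, ?, ?, ?, ?, ?)", (ts, udp["src"], udp["dst"],
                        udp["sport"], udp["dport"], self.names.get(udp["dst"])))
    def flows(self):
        return self.db.execute("SELECT src, dst, dport, dst_name FROM flows ORDER BY ts").fetchall()

def run(pcap_bytes, dispatcher=None):
    """Wire the three module types together: capture -> dissect -> dispatch."""
    disp = dispatcher or SqliteDispatcher()
    for ts, frame in capture_pcap(pcap_bytes):
        udp = dissect_ipv4_udp(frame[14:]) if frame[12:14] == b"\x08\x00" else None
        if udp is None:
            continue
        if udp["sport"] == 53:                           # DNS answer: feed the passive-DNS map
            for name, addr in dissect_dns(udp["payload"]) or []:
                disp.names[addr] = name
        disp.flow(ts, udp)
    return disp
```

Running run(build_sample_pcap()).flows() yields two rows: the DNS reply itself (no name, because nothing in the capture names 10.0.0.7) and the syslog flow to 192.0.2.10, tagged example.test purely from the captured answer. Swapping SqliteDispatcher for a class that writes files or a MySQL table changes nothing in the dissectors, which is the separation the module layout above is built for. The bounded recursion in _read_name matters in a forensic tool: a capture is attacker-controlled input, and a DNS name whose compression pointer refers to itself would otherwise hang the decoder.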
Xplico Interfaces
The Xplico web interface lets you create new cases, upload new capture files, and browse any decoded material. It is written in PHP on the CakePHP framework and stores its data in an SQLite or MySQL database. Xplico can also be run from the console, which lets you decode a single pcap file, a directory of pcap files, or live traffic from an Ethernet interface such as eth0 or eth1.
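Before handing a capture to console mode, a practitioner normally wants two things the paragraph above does not mention: confirmation that the file really is a pcap, and a hash of the evidence taken before and after analysis so it can be shown unchanged. The following is an added example written for this article, not part of Xplico. It classifies the file by magic number, hashes it, and invokes the pcap capture module with the xplico -m pcap -f <file> form from Xplico's usage text (confirm the options with xplico -h on your build). The 24-byte header written by demo() is a constructed empty capture.

```python
# Added example, not Xplico's code: pre-flight checks before decoding a capture from the
# console. Verifies the file is a pcap/pcapng by magic number, records a SHA-256 of the
# evidence before and after the run, and builds the xplico command line.
# Assumption: "xplico -m pcap -f <file>" is the console form from xplico's usage text;
# check `xplico -h` on your build.
import hashlib
import subprocess
import sys
import tempfile

MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microseconds)",
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microseconds)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanoseconds)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanoseconds)",
    b"\x0a\x0d\x0d\x0a": "pcapng",
}

def classify_magic(first4):
    """Name the capture format from its first four bytes, or 'unknown'."""
    return MAGICS.get(bytes(first4[:4]), "unknown")

def sha256_file(path):
    """Stream the file through SHA-256 so large captures do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def xplico_command(path):
    # Console mode: -m picks the capture module, -f the pcap file to decode.
    return ["xplico", "-m", "pcap", "-f", path]

def preflight(path):
    """Return (format, sha256) or raise if the file is not a capture at all."""
    with open(path, "rb") as f:
        kind = classify_magic(f.read(4))
    if kind == "unknown":
        raise ValueError(f"{path}: not a pcap/pcapng file, refusing to decode")
    return kind, sha256_file(path)

def demo():
    """Constructed input: an empty little-endian pcap (24-byte global header, no records)."""
    header = b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00" + b"\x00" * 8 + b"\xff\xff\x00\x00\x01\x00\x00\x00"
    with tempfile.NamedTemporaryFile(suffix=".pcap", delete=False) as f:
        f.write(header)
        path = f.name
    return preflight(path)

if __name__ == "__main__":
    target = sys.argv[1]
    kind, before = preflight(target)
    print(f"{target}: {kind}, sha256 {before}")
    subprocess.run(xplico_command(target), check=True)
    if sha256_file(target) != before:
        sys.exit("capture file changed during analysis; evidence integrity is lost")
```

Run it as python3 preflight.py evidence.pcap on the Kali box where Xplico is installed. If Xplico rejects a pcapng file, convert it with Wireshark's editcap (editcap -F pcap in.pcapng out.pcap), keep the hash of both the original and the converted file, and re-run the pre-flight on the converted one.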
Xplico Components
The Xplico system is built from four components:
1- Decoder Manager
2- IP Decoder
3- Data Manipulators
4- Visualization System
Once connected to the Xplico web interface, you start a new case either by uploading a PCAP capture file or by acquiring data live from an existing network interface.
Xplico Alternatives
There are other forensic analysis tools you can use as alternatives; a few of them:
1- HackerCombat
2- SANS SIFT
3- CAINE
4- ProDiscover Forensics
5- X-Ways Forensics
Screenshots
The original page shows screenshots of the following Xplico views (images not reproduced here):
1- VoIP: SIP and RTP (without signaling protocol)
2- DNS graphs
3- Login page and cases list page
4- Session pages
5- Email pages
6- Web pages
7- Video and images pages
8- FTP pages
9- MMS pages
10- GeoMap page
How To Install Xplico On Kali Linux
Xplico ships with DEFT Linux, Kali Linux and CAINE Linux. From a pcap file it can extract every email (POP, IMAP and SMTP), all HTTP content, every VoIP call (SIP, MGCP, H.323), FTP and TFTP transfers, and more.
To install Xplico, you just need to run the following commands:
sudo apt-get update
sudo apt-get install xplico
apt installs Xplico together with the packages it depends on, so no separate dependency step is needed. If apt cannot find the package on your Kali release, the xplico package may have been dropped or moved; consult the Kali package tracker before trying to build it from source.
Alternatively, you can install one of Kali's metapackages, which are listed on the Kali.org website. A metapackage pulls in every tool of one category at once; Kali offers them for wireless, vulnerability assessment and forensics tools, among others.
Conclusion
In this article we introduced Xplico and showed how to install it on Kali Linux. You now know how to install Xplico and why it is useful for analyzing network traffic with its many protocol dissectors. If you want to read more, see our article introducing Kali Linux Server and its applications.