Xplico is a Network Forensic Analysis Tool (NFAT) for Unix and Unix-like operating systems

Overview

General Information

Xplico is a Network Forensic Analysis Tool (NFAT) for Unix and Unix-like operating systems. It uses libpcap, a packet capture and filtering library.

The official home of Xplico is: http://www.xplico.org

The latest distribution can be found in the subdirectory: http://www.xplico.org/download

Installation

Xplico is known to compile and run on the following systems:

  • Linux (2.4 and later kernels, various distributions)
  • CPU targets: x86 multicore (Xplico uses all CPUs)
    • ARM
    • XScale

Full installation instructions can be found in the INSTALL file.

Usage

We describe here only the console-mode modality; if you use the Web interface, see INSTALL and, with root permission, run /opt/xplico/script/sqlite_demo.sh.

Xplico in console mode lets you decode a single pcap file, a directory of pcap files, or live traffic from an Ethernet interface (eth0, eth1, ...). The input type is selected with the -m option, which loads a particular Xplico capture interface (capture module). The available capture interfaces are 'pcap' and 'rltm'. Running "./xplico -h -m pcap" prints the help for the pcap interface, and "./xplico -h -m rltm" prints the help for the realtime interface. In console mode every file extracted by Xplico is placed under the output directory (this README names 'tmp/xplico/'; the examples below show 'xdecode/'), with one subdirectory per protocol holding that protocol's decoded data. For example:

  • to decode test.pcap, run: ./xplico -m pcap -f test.pcap. When decoding finishes, the extracted files are in xdecode/ip/http, xdecode/ip/pop, xdecode/ip/smtp, ... and the KML file (Google Earth) is in xdecode/ip/

  • to decode a directory "/tmp/test" containing many pcap files, run: ./xplico -m pcap -d /tmp/test. When decoding finishes, the extracted files are in xdecode/ip/http, xdecode/ip/pop, xdecode/ip/smtp, ... and the KML file (Google Earth) is in xdecode/ip/

  • to decode eth0 in realtime, run: ./xplico -m rltm -i eth0 and stop the acquisition with ^C. Decoding happens in realtime, so the extracted files are in xdecode/ip/http, xdecode/ip/pop, xdecode/ip/smtp, ... and the KML file (Google Earth) is in xdecode/
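The wrapper below is an added example, not part of the Xplico README or project: it drives the three console-mode invocations just listed, hashes the evidence before it is decoded (so the report records exactly which captures were processed), and counts the extracted files in each protocol directory afterwards, so an empty or missing directory is noticed instead of assumed. It assumes the binary is ./xplico unless XPLICO is set, that sha256sum or shasum is available, and that console mode writes under ./xdecode/ip/<protocol>/ as the examples above show; the function names and the log file name are mine.

```shell
#!/bin/sh
# Added example, not part of the Xplico project: wrap the console-mode
# invocations from the README so the evidence is hashed before decoding and
# the extracted artefacts are counted per protocol afterwards.
# Assumptions (mine, not the README's): the binary is ./xplico unless XPLICO
# is set, sha256sum or shasum exists, and console mode writes under
# ./xdecode/ip/<protocol>/ as the README's examples show.

XPLICO="${XPLICO:-./xplico}"

# Flags for the three documented input types.
# Usage: xplico_args pcap|dir|rltm <file|directory|interface>
xplico_args() {
    case "$1" in
        pcap) printf '%s\n' "-m pcap -f $2" ;;
        dir)  printf '%s\n' "-m pcap -d $2" ;;
        rltm) printf '%s\n' "-m rltm -i $2" ;;
        *)    return 1 ;;
    esac
}

# SHA-256 of one file, with a fallback for systems without coreutils.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"
    fi
}

# Hash every capture that will be fed to xplico (a file, or every *.pcap,
# *.cap and *.pcapng under a directory), one "digest  path" line per file.
# Filenames containing newlines are not handled.
hash_inputs() {
    if [ -d "$1" ]; then
        find "$1" -type f \( -name '*.pcap' -o -name '*.cap' -o -name '*.pcapng' \) \
            | sort | while read -r f; do hash_file "$f"; done
    else
        hash_file "$1"
    fi
}

# Count extracted files in each protocol directory of an xdecode tree.
# Prints "protocol count" lines in name order; fails if there is no ip/ dir.
summarize_xdecode() {
    xdir="${1:-xdecode}"
    [ -d "$xdir/ip" ] || { echo "no $xdir/ip directory: nothing was decoded?" >&2; return 1; }
    for p in "$xdir"/ip/*/; do
        [ -d "$p" ] || continue
        n=$(find "$p" -type f | wc -l | tr -d ' ')
        printf '%s %s\n' "$(basename "$p")" "$n"
    done
}

# Decode one input and record the hashes plus the summary in a log file.
# Usage: decode pcap test.pcap | decode dir /tmp/test | decode rltm eth0
decode() {
    mode="$1"; input="$2"; log="${3:-xplico-run.log}"
    args=$(xplico_args "$mode" "$input") || { echo "unknown mode: $mode" >&2; return 2; }
    command -v "$XPLICO" >/dev/null 2>&1 || { echo "xplico not found at $XPLICO" >&2; return 127; }
    # Nothing to hash in rltm mode: the input is the interface itself.
    [ "$mode" = rltm ] || hash_inputs "$input" | tee -a "$log"
    # shellcheck disable=SC2086  # $args is meant to be split into separate flags
    "$XPLICO" $args; status=$?
    # A realtime run is stopped with ^C, so a non-zero status is normal there.
    [ "$status" -eq 0 ] || [ "$mode" = rltm ] || echo "xplico exited with status $status" >&2
    summarize_xdecode xdecode | tee -a "$log"
}
```

Source the file and call, for instance, `decode pcap test.pcap`; the hashes and the per-protocol counts land in xplico-run.log next to the run. For a realtime run nothing is hashed, and the summary is produced only after the capture is stopped with ^C.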

Xplico has many decoding modules, located in the 'modules' directory; to enable or disable a module, edit the xplico.cfg file (by default in the ./config/ directory). The GeoMap file (KML) for Google Earth is updated every 30 seconds.

./xplico -g prints a graph of the relations between the dissectors.

How to Report a Bug

Xplico is still under constant development, so it is possible that you will encounter a bug while using it. Please report bugs at [email protected].

Disclaimer

There is no warranty, expressed or implied, associated with this product. Use at your own risk.

Enjoy.

Comments
  • Compiling error: two or more data types in declaration specifiers

    Hi, I'm trying to compile xplico on Pop OS 20.10 with the instructions given in INSTALL, but received the following error during make.

    In file included from /usr/include/mysql/mysql.h:43,
                     from ximysql.c:35:
    /home/danial/sources/xplico/common/include/istypes.h:31:23: error: two or more data types in declaration specifiers
       31 | typedef unsigned char bool;
          |                       ^~~~
    In file included from /home/danial/sources/xplico/common/include/proto.h:34,
                     from ximysql.c:38:
    /home/danial/sources/xplico/common/include/istypes.h:31:1: warning: useless type name in empty declaration
       31 | typedef unsigned char bool;
          | ^~~~~~~
    In file included from ximysql.c:42:
    ximysql.c: In function ‘DispPop’:
    ximysql.h:162:38: warning: ‘%s’ directive writing up to 4095 bytes into a region of size between 3866 and 10008 [-Wformat-overflow=]
      162 | #define XS_QUERY_POP_TEMPLATE        "INSERT INTO emails (sol_id, pol_id, source_id, capture_date, data_size, flow_info, receive, username, password, sender, receivers, subject, mime_path, relevance, attach_dir) VALUES (%i, %i, %i, "XPCAP_DATE", %lu, '%s', 1, '%s', '%s', '%s', '%s', '%s', '%s', 100, '%s')"
          |                                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ximysql.h:162:38: note: in definition of macro ‘XS_QUERY_POP_TEMPLATE’
      162 | #define XS_QUERY_POP_TEMPLATE        "INSERT INTO emails (sol_id, pol_id, source_id, capture_date, data_size, flow_info, receive, username, password, sender, receivers, subject, mime_path, relevance, attach_dir) VALUES (%i, %i, %i, "XPCAP_DATE", %lu, '%s', 1, '%s', '%s', '%s', '%s', '%s', '%s', 100, '%s')"
          |                                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from ximysql.c:42:
    ximysql.h:162:280: note: format string is defined here
      162 | _info, receive, username, password, sender, receivers, subject, mime_path, relevance, attach_dir) VALUES (%i, %i, %i, "XPCAP_DATE", %lu, '%s', 1, '%s', '%s', '%s', '%s', '%s', '%s', 100, '%s')"
          |                                                                                                      
    
    ...
    
    make[2]: *** [<builtin>: ximysql.o] Error 1
    make[2]: Leaving directory '/home/danial/sources/xplico/dispatch/ximysql'
    make[1]: *** [Makefile:48: subdir] Error 1
    make[1]: Leaving directory '/home/danial/sources/xplico/dispatch'
    make: *** [Makefile:149: subdir] Error 1
    
    

    The branch I run the make command on is the master branch. I tried to compile from tag v.1.2.2 but received a libnDPI error even though I have already installed the nDPI libraries.

    Anyone knows the problem?

    opened by hambergerpls 1
  • No login form. Error: An Internal Error Occured error.

    Kali 2020.4. When I open localhost:9876, I get an "Error: An Internal Error Occured" error, and there is no login form. /opt/xplico/xi/app/tmp/logs/error.log indicates an error in the request syntax. (screenshot)

    opened by JackPot777 1
  • make command failing in xplico dir

    Followed all the install guidelines, running Ubuntu 18.04.5 LTS. Trying to install xplico v.1.2.2; all dependencies are installed, and the required libraries too.

    Error shown below :

    tcp_garbage.c:51:10: fatal error: libndpi/ndpi_main.h: No such file or directory
       51 | #include <libndpi/ndpi_main.h>
    compilation terminated.
    : recipe for target 'tcp_garbage.o' failed
    make[2]: *** [tcp_garbage.o] Error 1
    make[2]: Leaving directory '/xbuild/xplico-v.1.2.2/dissectors/tcp_grbg'
    Makefile:52: recipe for target 'subdir' failed

    opened by ow111 2
  • release: please attach to stable dependencies

    I'm trying to compile Xplico 1.2.2 and facing some problems. The latest nDPI git has changed the include directory location (ndpi instead of libndpi) and xplico is unable to find it. Also, the API of dev-libs/json-c has changed as well, and the 1.2.2 release is not compatible with json-c 0.13.1.

    Please pin the stable dependencies (nDPI 2.8 and json-c 0.13.1). Also, you can #IFDEF the code to work around the API change. For example, the patch for json-c should be similar to the following: https://github.com/OSGeo/gdal/pull/277/files

    opened by blshkv 1
  • Web-version doesn't work

    Hi! I can't use the web version in the browser; the page is blank at the address localhost:9876. Commands I use:

    service apache2 start
    /etc/init.d/xplico start

    Apache2 log:

    [Mon Sep 10 15:16:56.497109 2018] [:error] [pid 24814] [client ::1:44138] PHP Warning: cake_core cache was unable to write 'cake_dev_en-us' to File cache in /opt/xplico/xi/lib/Cake/Cache/Cache.php on line 328
    [Mon Sep 10 15:16:56.497146 2018] [:error] [pid 24814] [client ::1:44138] PHP Warning: /opt/xplico/xi/app/tmp/cache/persistent/ is not writable in /opt/xplico/xi/lib/Cake/Cache/Engine/FileEngine.php on line 385
    [Mon Sep 10 15:16:56.497218 2018] [:error] [pid 24814] [client ::1:44138] PHP Fatal error: Uncaught exception 'CacheException' with message 'Cache engine "cake_core" is not properly configured. Ensure required extensions are installed, and credentials/permissions are correct' in /opt/xplico/xi/lib/Cake/Cache/Cache.php:186
    Stack trace:
    #0 /opt/xplico/xi/lib/Cake/Cache/Cache.php(151): Cache::_buildEngine('cake_core')
    #1 /opt/xplico/xi/app/Config/core.php(377): Cache::config('cake_core', Array)
    #2 /opt/xplico/xi/lib/Cake/Core/Configure.php(72): include('/opt/xplico/xi/...')
    #3 /opt/xplico/xi/lib/Cake/bootstrap.php(431): Configure::bootstrap(true)
    #4 /opt/xplico/xi/app/webroot/index.php(95): include('/opt/xplico/xi/...')
    #5 {main}
      thrown in /opt/xplico/xi/lib/Cake/Cache/Cache.php on line 186

    I'm sure the problem is in permissions, but I can't solve it... I use the following commands, but I didn't have any success:

    chown -R www-data:www-data /opt/xplico/
    chown -R www-data:www-data /opt/xplico/xi
    chown -R www-data:www-data /opt/xplico/cfg

    chmod 777 -R /opt/xplico/xi
    chmod 777 -R /opt/xplico/cfg
    chmod 777 -R /opt/xplico/

    chown -R www-data: /opt/xplico/
    chown -R www-data: /opt/xplico/xi/
    chown -R www-data: /opt/xplico/cfg/

    My system is 4.17.0-kali3-amd64. What should I do? Thanks in advance!

    opened by Bunder99 0
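The error log in the post above names the directory CakePHP could not write, /opt/xplico/xi/app/tmp/cache/persistent/, and the attempted fix was a recursive chmod 777. The script below is an added example, not Xplico project code and not part of the post: it audits the app/tmp tree for directories that are world-writable or not owned by the web server user, and its repair function sets ownership plus a u=rwX,g=rX,o= mode instead of 777. It assumes the front end lives in /opt/xplico/xi as in the log, that Apache/PHP runs as www-data, and that only that PHP process needs to write under app/tmp; XI_ROOT, WEB_USER and the function names are mine.

```shell
#!/bin/sh
# Added example, not Xplico project code: audit the CakePHP runtime tree that
# the error log above names (/opt/xplico/xi/app/tmp) and repair it with
# ownership and a tight mode instead of chmod 777 -R.
# Assumptions (mine): the web front end lives in XI_ROOT, Apache/PHP runs as
# WEB_USER, and only that PHP process needs to write under app/tmp.

XI_ROOT="${XI_ROOT:-/opt/xplico/xi}"
WEB_USER="${WEB_USER:-www-data}"

# Report every directory under app/tmp that is world-writable or not owned by
# the web server user. One "WORLD_WRITABLE <dir>" or "WRONG_OWNER <owner> <dir>"
# line per finding; returns 0 only when there are no findings.
audit_cake_tmp() {
    tmp="$1/app/tmp"; user="$2"
    [ -d "$tmp" ] || { echo "MISSING $tmp"; return 1; }
    findings=$(find "$tmp" -type d | while read -r d; do
        # find -perm -o+w matches when the "other" write bit is set
        [ -z "$(find "$d" -maxdepth 0 -perm -o+w)" ] || echo "WORLD_WRITABLE $d"
        owner=$(ls -ld "$d" | awk '{print $3}')
        [ "$owner" = "$user" ] || echo "WRONG_OWNER $owner $d"
    done)
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Root-only repair. CakePHP needs cache/persistent and logs (both named in the
# log) to be writable by the PHP process: give the tree to that user, let its
# group read it, and grant nothing to others. Directories become u=rwx,g=rx
# and files u=rw,g=r (X sets the execute bit on directories, and only on
# files that already had it).
fix_cake_tmp() {
    tmp="$1/app/tmp"; user="$2"
    mkdir -p "$tmp/cache/persistent" "$tmp/logs"
    chown -R "$user:" "$tmp"
    chmod -R u=rwX,g=rX,o= "$tmp"
}

# Typical use, as root, after the install:
#   fix_cake_tmp "$XI_ROOT" "$WEB_USER" && audit_cake_tmp "$XI_ROOT" "$WEB_USER"
```

Run the audit first: an empty result means the tree is already usable by the web server without being writable by every local account; a WRONG_OWNER line usually means the install was done as root and never handed to www-data, and a WORLD_WRITABLE line is the leftover of a chmod 777 that should be tightened even if the page now loads.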
Releases: v.1.2.2

Owner: Xplico (Open Source Network Forensic Analysis Tools)