At some point in life we find that we collect items and later go through them.
When we get a large collection of stuff, it takes time to go through the content. As a information security minded person you may collect a lot of packets and at some point you have to go through them. This is where Xplico.org shines.
The great tool known as "Wireshark" collects a lot of stuff for us. The content is filled with a lot of good items. The question comes to mind "How to go through all this stuff?" We can go through it with the built in items of "Wireshark" and this will work for most cases. We like another tool for parsing the data for us as well.
The other tool that comes to mind for parsing our data packets collected by "Wireshark" is "Xplico". Xplico is a free Linux tool that will take all the packets collected by Wireshark and piece it back together as if you were sitting in front of the computer when it was created.
The data extracted and pieced back together by Xplico ranges from VOIP to Emails. We will not list all the things that Xplico can parse back together for you but we will suggest that you visit the site and see for yourself all the data it can handle for you. This is a time saving tool and we suggest that anyone in the Computer Forensics or IT world, have this in their toolbox.
What has been found when first using the Xplico is the file size of the PCAP files size it can handle. We ran a test with some PCAP files that were larger than or more than one gigabyte in file size. Xplico will scream at you and tell you it cannot deal with the files because it is too large and you need to change a file. Xplico will tell you the file that needs to be altered to handle the PCAP file(s) you have. You can find several how to videos on YouTube as well. We did a search and linked YouTube to the left, just click to see the list of videos.
Our conclusion is that Xplico is a great tool to go hand in hand with your packet gathering tool. This tool should be in your toolbox and trained on for all who are in the information security. We will never get the tools that NSA uses but we can find some tools that will do similar things that the NSA can do, just by researching the net. What is truly Secure?
Thank you for stopping by LoveMyTool. We look forward to hearing back from you.
Author - Emory Mullis has been in Law Enforcement for roughly 19 years including military and civilian law enforcement. He started learning about computers back when Gateway 266 MHz was the top of the line and cost about $2000.00.Right out the box, I was compelled to take my new found 266 apart. Why I have no idea other than pure curiosity. Once I had the computer out the box and on the floor in pieces, my wife walked in. Trust me people; this was not a good thing! Either way I got a good understanding at this point on how a computer is put together and / or the components inside. This was my starting point with computers and I still hear my wife in the back ground “It better work when you put it back together!” That was my humble beginnings as a Cyber Investigator. Now with many Cyber cases under my belt, I have learned that you must question, challenge and test almost daily to keep up with all the new tools, software, computers and cell phone formats to be able to forensically acquire evidence and it is a real challenge. I enjoy the challenge and look forward to learning more every day!