The Xplico system is composed of four macro-components:
The relationship between the various components is shown in Fig.
There are also other applications and scripts that are used interchangeably by the four components.
It can be useful to see exactly what goes on inside Xplico at a low level, to understand how it operates. To demonstrate, we will follow what happens when Xplico processes the sample PCAP taken from http://wiki.xplico.org/doku.php?id=pcap:pcap (0.5.5).
From the main() function, CapInit() is called to initialize the capture module that will be used, and then CapMain() is called to perform the capturing. When CapInit() is called, it sets a function pointer to a suitable capture module, and this function pointer is then called from CapMain(). In this case, the function pointer is loaded from the cap_pcap.so file, so the CaptMain() function pointer called from inside CapMain() is really a call to capt_dissectors/pcap/pcap.c:CaptDisMain().
Once control reaches the PCAP capture module, pcap_loop will be called, and each packet will be processed by PcapDissector(). ProtDissec() has a while loop, which finds and executes an appropriate packet dissector for each packet in the protocol hierarchy of the passed-in packet.
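The dissector loop described above can be pictured with a miniature dispatch table. This is an added example, not Xplico's code: every name in it is hypothetical, the frame is constructed, and it only shows the pattern of running one dissector per layer, each bounds-checking its header before naming the next layer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* All names are hypothetical; this is not Xplico's API. */
enum { P_BAD = -2, P_DONE = -1, P_ETH, P_IPV4, P_TCP, P_COUNT };
typedef struct { const uint8_t *data; size_t len; } pkt_t;
/* A dissector strips its header and returns the next protocol id,
 * P_DONE at the top of the hierarchy, or P_BAD on malformed input. */
typedef int (*dissector_fn)(pkt_t *p);

static int dis_eth(pkt_t *p) {
    if (p->len < 14) return P_BAD;
    int next = (p->data[12] == 0x08 && p->data[13] == 0x00) ? P_IPV4 : P_DONE;
    p->data += 14; p->len -= 14;
    return next;
}
static int dis_ipv4(pkt_t *p) {
    if (p->len < 20 || (p->data[0] >> 4) != 4) return P_BAD;
    size_t ihl = (size_t)(p->data[0] & 0x0f) * 4;   /* header length in bytes */
    if (ihl < 20 || ihl > p->len) return P_BAD;      /* never trust the field */
    int next = (p->data[9] == 6) ? P_TCP : P_DONE;
    p->data += ihl; p->len -= ihl;
    return next;
}
static int dis_tcp(pkt_t *p) {
    if (p->len < 20) return P_BAD;
    size_t off = (size_t)(p->data[12] >> 4) * 4;     /* data offset in bytes */
    if (off < 20 || off > p->len) return P_BAD;
    p->data += off; p->len -= off;
    return P_DONE;
}
static const dissector_fn table[P_COUNT] = { dis_eth, dis_ipv4, dis_tcp };

/* Dispatch loop: run the dissector for the current layer, then move to the
 * layer it names. Returns the number of layers dissected successfully. */
int dissect(const uint8_t *buf, size_t len, int first) {
    pkt_t p = { buf, len };
    int layers = 0;
    for (int id = first; id >= 0 && id < P_COUNT; layers++)
        if ((id = table[id](&p)) == P_BAD) break;
    return layers;
}
/* Constructed frame: Ethernet + IPv4 (IHL 5, protocol 6) + TCP (offset 5). */
const uint8_t SAMPLE[54] = { [12] = 0x08, [14] = 0x45, [23] = 0x06, [46] = 0x50 };

int main(void) {
    printf("full frame: %d layers\n", dissect(SAMPLE, sizeof SAMPLE, P_ETH));
    printf("cut at 40:  %d layers\n", dissect(SAMPLE, 40, P_ETH));
    return 0;
}
```

A truncated capture stops the walk at the first layer whose header no longer fits, which is the behaviour a dissector chain fed untrusted traffic needs.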