Xplico System Architecture

Xplico System is composed from four macro-components:

  • a Decoder Manager called Dema
  • an IP/network decoder called Xplico
  • a set of applications called Manipulators for the manipulation of decoded data
  • a visualization system to view data extracted

The relationship between the various components is shown in Fig.

 Xplico System

There are also other applications and scripts that are used interchangeably by the four components.

Flow illustration via debugging

It might be useful to see exactly what goes on in Xplico on a low level, to get an understanding of how it operates. To demonstrate, we will see what happens when Xplico processes the sample PCAP taken from http://wiki.xplico.org/doku.php?id=pcap:pcap (0.5.5).

From the main() function, CapInit() is called to initialize the capture module that will be used, and then CapMain() is called to perform the capturing. When CapInit() is called, it sets a function pointer to a suitable capture module, and this function pointer is then called from CapMain(). In this case, the function pointer is loaded from the cap_pcap.so file, and so from inside CapMain(), the CaptMain() function pointer is called, which is really calling capt_dissectors/pcap/pcap.c:CaptDisMain().

Once control reaches the PCAP capture module, pcap_loop will be called, and each packet will be processed by PcapDissector(). ProtDissec() has a while loop, which finds and executes an appropriate packet dissector for each packet in the protocol hierarchy of the passed-in packet.

 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki