https://wiki.xplico.org/ Fri, 03 Apr 2026 17:09:54 +0000 FeedCreator 1.8 https://wiki.xplico.org/lib/tpl/gcosta/images/favicon.ico https://wiki.xplico.org/ https://wiki.xplico.org/doku.php?id=api Xplico API This section contains docstrings that could be used in source code (Doxygen), so they should just rest here temporarily until they are included in the source code (so HTML API documentation could be generated automatically, instead of being on a page like this). anonymous@undisclosed.example.com (Anonymous) Mon, 23 Aug 2010 12:07:26 +0000 https://wiki.xplico.org/doku.php?id=architecture Xplico System Architecture Xplico System is composed from four macro-components: * a Decoder Manager called Dema * an IP/network decoder called Xplico * a set of applications called Manipulators for the manipulation of decoded data * a visualization system to view data extracted anonymous@undisclosed.example.com (Anonymous) Mon, 23 Aug 2010 11:10:48 +0000 https://wiki.xplico.org/doku.php?id=building_a_basic_dissector_module_over_tcp Building A Basic Dissector Module (over tcp) This page will provide you with all of the basic information required to create an Xplico dissector for a protocol that uses TCP (e.g. HTTP, Telnet, FTP, etc). The page will walk you through a step-by-step tutorial of creating a basic dissector for a made up anonymous@undisclosed.example.com (Anonymous) Mon, 05 Mar 2012 15:17:46 +0000 https://wiki.xplico.org/doku.php?id=building Source Code Xplico use source code, libraries, database and applications of other projects, some of those are inside Xplico code but other no, therefore to build Xplico (system) with all features it is necessary download (compile/install) these software: anonymous@undisclosed.example.com (Anonymous) Mon, 23 Dec 2013 10:49:32 +0000 https://wiki.xplico.org/doku.php?id=configs The Config file The configuration file of Xplico defines: * the dissectors to use * the log level for each dissector * the directory to put all temporary files * the name of log file * the dispatcher to use * the connections with manipulators anonymous@undisclosed.example.com (Anonymous) Tue, 10 Nov 2009 10:02:17 +0000 https://wiki.xplico.org/doku.php?id=console_mode Console Mode We describe here only console-mode modality, if you use Web interface then you have to see Web Interface page. Xplico in console-mode permit you to decode a single pcap file, directory of pcap files or decode in real-time from an ethernet interface (eth0, eth1, …). anonymous@undisclosed.example.com (Anonymous) Sat, 14 Nov 2009 01:53:48 +0000 https://wiki.xplico.org/doku.php?id=decoder Network Decoder Xplico as network decoder is designed to be used either stand-alone or within architecture. The main characteristics of the decoder are its high modularity, scalability and configurability. The decoder has been designed so that the decoding of the protocol had to be disconnected from the formatting of data (raw) input, and also the format used for data output (reconstruction). anonymous@undisclosed.example.com (Anonymous) Fri, 06 Aug 2010 16:36:27 +0000 https://wiki.xplico.org/doku.php?id=dema Decoding Manager The Dema has the following duties: * organize the input data * set the configuration, history files for the decoder and the manipulators * launch decoder and manipulators * control the execution of decoder and manipulators anonymous@undisclosed.example.com (Anonymous) Sat, 17 Oct 2009 08:41:04 +0000 https://wiki.xplico.org/doku.php?id=developer_tutorials Developer Tutorials Tutorials will be added periodically. * Building A Basic Dissector Module (over tcp) * Testing And Debugging A Dissector Module (coming soon) anonymous@undisclosed.example.com (Anonymous) Tue, 29 May 2012 09:56:45 +0000 https://wiki.xplico.org/doku.php?id=doing_a_deb_package For creating a .deb package for Xplico, follow these instructions: 1º) Download the source code #wget http://developer.berlios.de/project/showfiles.php?group_id=8919 (Choose i.e. xplico-0.5.4.tgz or later) 2º) Untar it # tar xvfz xplico-0.5.4.tgz # cd xplico anonymous@undisclosed.example.com (Anonymous) Mon, 26 Oct 2009 04:55:11 +0000 https://wiki.xplico.org/doku.php?id=faq 1º) Xplico's sniffer is a new sniffer using pcap or are you using tshark or tcpdump? Xplico is written from scratch, it does not use tshark or tcpdump. And not born as sniffer. It makes no sense to use it live mode. 2º) Is there anyway to save at the same time the decoded traffic and in PCAP format? anonymous@undisclosed.example.com (Anonymous) Sun, 06 May 2012 23:28:52 +0000 https://wiki.xplico.org/doku.php?id=helloworld_protocol HELLOWORLD Protocol This page defines the HELLOWORLD protocol for which a basic dissector module will be created for. Protocol Definition helloworldstarts (16 byte protocol string) <Message to be sent> (8 byte message) helloworldending (16 byte protocol string) anonymous@undisclosed.example.com (Anonymous) Fri, 02 Mar 2012 12:43:10 +0000 https://wiki.xplico.org/doku.php?id=interface Installing Xplico Interface The Xplico Interface is developed in PHP and it is based to CakePHP framework. This interface can use or SQLite database or MySQL database, at the moment only SQLite dispatcher is completed and tested in Xplico decoder. MySQL database dispatcher and XI configuration file for MySQL can be obtained anonymous@undisclosed.example.com (Anonymous) Sun, 30 Sep 2012 02:46:33 +0000 https://wiki.xplico.org/doku.php?id=modules Introduction Xplico reads in traffic data (capture modules), dissects information from this data according to protocols (dissector modules), and then dispatches the information to a desired output destination (dispatcher modules). Every part of the decoder is a plugin and then a module. In Xplico (decoder), we distinguish between three types of modules: anonymous@undisclosed.example.com (Anonymous) Wed, 18 Aug 2010 09:24:48 +0000 https://wiki.xplico.org/doku.php?id=pcap-over-ip PCAP-over-IP Starting from Xplico 1.0.0 we added the feature PCAP-over-IP. From the Xplico Interface you can view the port number where the PCAP-over-IP is enabled. If Xplico server has IP 192.168.0.195 then to transfer the file my_file.pcap the command is: anonymous@undisclosed.example.com (Anonymous) Tue, 14 Feb 2012 01:23:29 +0000 https://wiki.xplico.org/doku.php?id=pcap2wav PCAP2WAV - RTP2WAV pcap2wav is a Xplico customization with a web interface developed to easly use the tool. Installation steps * compile Xplico (steps here) * from the source code directory launch the script pcap2wav_tgz.sh * from / and with root user untar pcap2wav.tgz : anonymous@undisclosed.example.com (Anonymous) Sat, 01 Jun 2013 23:53:28 +0000 https://wiki.xplico.org/doku.php?id=scripts Useful Scripts session_mng.pyc From release 0.6.2 there is a new tool to facilitate the creation of new case and/or new session from command line. This tool is compatible with the SQLite and MySQL DB (lite and ximysql dispatchers and XI). The tool path is /opt/xplico/script/session_mng.pyc and its use is very simple. anonymous@undisclosed.example.com (Anonymous) Sun, 30 Sep 2012 02:45:42 +0000 https://wiki.xplico.org/doku.php?id=testing_and_debugging_a_dissector_module Testing And Debugging A Dissector Module anonymous@undisclosed.example.com (Anonymous) Fri, 02 Mar 2012 13:50:39 +0000 https://wiki.xplico.org/doku.php?id=tips_tricks How to decode large amounts of data From 0.6.2 version there is a new script named session_mng.pyc to facilitate management, for older versions read below. If you have GB or TB of data to be decoded then the steps are these (obviously after installing Xplico and XI): anonymous@undisclosed.example.com (Anonymous) Fri, 10 Feb 2012 06:17:27 +0000 https://wiki.xplico.org/doku.php?id=tutorial Tutorial Xplico 1.1.0 and 1.2.0 * Step by Step Xplico Installation (from source code) * Command line to create new session and case, useful with XI * Ubuntu installation * pcap2wav installation Xplico 1.0.1 * How to update the DB (SQLite or/and MySQL) * Step by Step Xplico Installation (from source code anonymous@undisclosed.example.com (Anonymous) Sat, 14 Jan 2017 05:25:26 +0000 https://wiki.xplico.org/doku.php?id=ubuntu Ubuntu 32bit You have two possibility: Xplico Repository If you are using Ubuntu 11.04 <-> 16.10 then you can use our repository: sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list' sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE sudo apt-get update sudo apt-get install xplico anonymous@undisclosed.example.com (Anonymous) Sat, 14 Jan 2017 05:24:49 +0000 https://wiki.xplico.org/doku.php?id=web_interface Xplico Interface With this interface it is possible to create new case, introduce new capture file, view all data extracted by the decoder. First we have to log in: [Login page] the default user is xplico and the password is xplico. User administrator: admin anonymous@undisclosed.example.com (Anonymous) Mon, 13 Dec 2010 22:42:51 +0000 https://wiki.xplico.org/doku.php?id=xplico Xplico Wiki This is the wiki site of Xplico Network Forensic Analysis Tool (NFAT). This application is still under heavy development, so it is possible that you will encounter a bug while using it. Don't hesitate to report bugs to bug[@]xplico.org and/or use the anonymous@undisclosed.example.com (Anonymous) Wed, 02 Mar 2016 03:03:40 +0000