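Xplico Package Description
The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a PCAP file Xplico extracts every email (POP, IMAP and SMTP protocols), all HTTP content, every VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on. Xplico is not a network protocol analyzer.
- Authors: Gianluca Costa, Andrea de Franceschi
- License: GPLv2
0x01 Tools included in the xplico package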
xplico - Network Forensic Analysis Tool (NFAT)

    :~# xplico -h
    xplico v1.0.1
    Internet Traffic Decoder (NFAT).
    See http://www.xplico.org for more information.

    Copyright 2007-2012 Gianluca Costa & Andrea de Franceschi and contributors.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

    usage: xplico [-v] [-c <config_file>] [-h] [-g] [-l] [-i <prot>] -m <capute_module>
        -v version
        -c config file
        -h this help
        -i info of protocol 'prot'
        -g display graph-tree of protocols
        -l print all log in the screen
        -m capture type module
        NOTE: parameters MUST respect this order!

0x02 xplico Usage Example
Use the rltm module (-m rltm) and analyze traffic on the eth0 interface (-i eth0):

    :~# xplico -m rltm -i eth0
    xplico v1.0.1
    Internet Traffic Decoder (NFAT).
    See http://www.xplico.org for more information.

    Copyright 2007-2012 Gianluca Costa & Andrea de Franceschi and contributors.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

    Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
    GeoLiteCity.dat found!
    pcapf: running: 0/0, subflow:0/0, tot pkt:1
    pol: running: 0/0, subflow:0/0, tot pkt:0
    eth: running: 0/0, subflow:0/0, tot pkt:1
    pppoe: running: 0/0, subflow:0/0, tot pkt:0
    ppp: running: 0/0, subflow:0/0, tot pkt:0
    ip: running: 0/0, subflow:0/0, tot pkt:0

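Original source: https://www.hackfun.org/kali-tools/xplico_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for authorization.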