Xplico Package Description

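The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a PCAP file Xplico extracts every email (POP, IMAP, and SMTP protocols), all HTTP content, every VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on. Xplico is not a network protocol analyzer.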

Xplico Homepage | Kali Xplico Repo

  • Author: Gianluca Costa, Andrea de Franceschi
  • License: GPLv2

Tools included in the xplico package

xplico - Network Forensic Analysis Tool (NFAT)
[email protected]:~# xplico -h
xplico v1.0.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2012 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

usage: xplico [-v] [-c <config_file>] [-h] [-g] [-l] [-i <prot>] -m <capute_module>
    -v version
    -c config file
    -h this help
    -i info of protocol 'prot'
    -g display graph-tree of protocols
    -l print all log in the screen
    -m capture type module
    NOTE: parameters MUST respect this order!

xplico Usage Example

Use the rltm module (-m rltm) and analyze traffic on the eth0 interface (-i eth0):

[email protected]:~# xplico -m rltm -i eth0
xplico v1.0.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2012 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
GeoLiteCity.dat found!
pcapf: running: 0/0, subflow:0/0, tot pkt:1
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:1
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:0