Xplico v0.5.6: VoIP (SIP & RTP) released

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

Xplico is released under the GNU General Public License.

PNG - 28.4 kb

Version 0.5.6

In this version there are new and important features:

  • HTTP reconstruction file. ie: files downloaded with tools like DownThemAll
  • undecodec UDP and TCP “stream†with textual content
  • RTP dissector
  • SIP dissector
  • SDP dissector
  • Improved XI
  • many bugfix

This version of the SIP and RTP dissectors is not optimal. The (media) contents currently decoded have the following characteristics (limitations) :

  • only audio
  • audio codec: G711ulaw, G711alaw, G722, G729, G723 and G726
  • only static RTP payload type

More information: here

Thanks to our friend, Gianluca, from Xplico.

Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only

  • Network Monitoring :

    PCI DSS Requirements 3, 4, SOX DS13.4, HIPAA 164.310(d)(1),
    164.312(a)(2)(iv), FISMA SI-4, AU-2, ISO 27001/27002 12.5.4, 15.1.5


Related Articles

Forensics
Network Monitoring
Xplico