Network Forensics - Xplico




Xplico is a network forensics analysis tool (NFAT): software that reconstructs the contents of captures made with a packet sniffer (e.g. Wireshark, tcpdump, Netsniff-ng).

Unlike a protocol analyzer, whose main purpose is not to reconstruct the data carried by the protocols, Xplico was created expressly to reconstruct the protocols' application data, and it recognizes protocols with a technique named Port Independent Protocol Identification (PIPI).
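
The idea behind port-independent identification, as an added Python example (not Xplico's code and not from the original page): each flow is labelled from the first bytes of its payload and compared with what a port lookup would have assumed. The signature list, port table, function names and sample flows are constructed for illustration.

```python
import re

# Payload signatures matched at offset 0 of a flow (illustrative, not Xplico's).
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3} ")),
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("smtp", re.compile(rb"^(EHLO|HELO) \S+\r\n")),
    # TLS record: type 0x16 (handshake), version 3.x, 2 length bytes, ClientHello
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),
]

# What a purely port-based lookup would assume for the same flows.
WELL_KNOWN_PORTS = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

def identify_by_payload(payload: bytes) -> str:
    """Return the protocol whose signature matches the start of the payload."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return "unknown"

def classify(flows):
    """Label each flow by port and by payload and flag where they disagree."""
    results = []
    for dst_port, payload in flows:
        by_port = WELL_KNOWN_PORTS.get(dst_port, "unknown")
        by_payload = identify_by_payload(payload)
        results.append({
            "port": dst_port,
            "by_port": by_port,
            "by_payload": by_payload,
            # True when the payload is recognised but the port says otherwise
            "port_disagrees": by_payload != "unknown" and by_port != by_payload,
        })
    return results

# Constructed sample flows: (destination port, first client bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (8081, b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    (2525, b"EHLO mail.example.test\r\n"),
    (443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    (53, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for row in classify(SAMPLE_FLOWS):
        print(row)
```

Flows where port_disagrees is true (HTTP on 8081, SSH on 443, SMTP on 2525) are the ones a port-based decoder would skip or hand to the wrong dissector.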

The name "xplico" refers to the Latin verb explico and its meaning.

Xplico is free and open-source software, subject to the requirements of the GNU General Public License (GPL), version 2.


Ubuntu 32/64bit from 11.04 to 15.10

sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE
sudo apt-get update
sudo apt-get install xplico


VirtualBox Image:

Download OVA here.
Based on Free VirtualBox Image.
user: ubuntu
password: reverse

Source code:

Download here.
Installation instructions are in the INSTALL file and in the Wiki.


Ubuntu 12.10 32bit:

Download here.

Ubuntu Server 12.10 64bit:


Download here.

Default Users

user: admin, xplico
password: xplico, xplico