Saturday, October 12, 2024
HomeComputer SecurityHow to Analyse a PCAP file WITH XPLICO - Network Forensic Analysis...

How to Analyse a PCAP file WITH XPLICO – Network Forensic Analysis Tool

Published on

Malware protection

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.

Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a proactive investigation.

What is PCAP File?

In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic.

- Advertisement - SIEM as a Service

Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

It is a Data file created by Wireshark (formerly Ethereal), a free program used for network analysis; contains network packet data created during a live network capture; used for “packet sniffing” and analyzing data network characteristics; can be analyzed using software that includes the libpcap or WinPcap libraries

Forensic Analysis Medium

Well, we will be using a tool known as XPLICO, xplico is an open-source NFAT (Network Forensic Analysis Tool), the goal of Xplico is to extract from an internet traffic capture the application’s data contained.

Must Read Complete Kali Tools tutorials from Information gathering to Forensics

For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on
To know more about XPLICO tool click here

Procedure – Network Forensics

  • Open the terminal and start the xplico service by the command “etc/init.d/xplico start” or “service xplico start”
  • Go to the browser and type the following URL “ http://localhost:9876/ ”By the following credentials log in to the xplico web interface

“Username : xplico”
“Password : xplico”

  • Click on the new case and give it a name and a reference number and click Create.
  • Click on the case name (eg: test)
  • Click on a new session and give it a name (eg: analysis-1) and click on create
  • Click on the name of the session (eg analysis-1)
  • Click on browse and browse your PCAP file
  • After loading it on xplico interface click on the upload button
  • After the uploading process, the tool will start decoding
  • After the decoding process, you will get the status as shown below
  • Now you can get the overview of the analysis and in the left pane, you will have the option to navigate to the analysis done (below is the screenshot of the graph of DNS messages).

Conclusion

XPLICO – This tool is simple and easy to use also it does an intense analysis of the Packet Capture –PCAP file, This tool is pre-loaded in many penetrations testing Linux flavors such as KALI LINUX, PARROT OS, DEFT, Security Onion, Backbox, Pentooetc.

Source & credits

This article was provided to www.gbhackers.com by Shankara Narayanan Co-Leader at Hackers Day, a student at Tamil Nadu Dr. Ambedkar Law University.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Top 10 Best Penetration Testing Companies & Services in 2024

Penetration Testing Companies are pillars of information security; nothing is more important than ensuring...

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...