Open Source Network Forensic Analysis Tool (NFAT) 


Xplico 0.6.2: l7-patterns

This version introduces an l7-patterns classifier for all flows that are not decoded. It also improves real-time acquisition, adds new features to the XI (Xplico Interface) and fixes many bugs.

ChangeLog:

  • l7-patterns for all flows/protocols not decoded by xplico
  • Xplico Interface (XI) improved
  • python3 porting of many scripts
  • realtime capture module improved
  • facebook chat realtime view
  • UTC/localtime bug fixes
  • l2tp dissector bug fixes
  • cli and lite dispatchers bug fixes
  • telnet dissector bug fixes
  • trigcap bug fixes
  • new script named session_mng.pyc to facilitate the creation of a new case and/or a new session from the command line

We thank naif for his support and his availability.


The decoding performance figures are:

  • from command line: 5.9 MB/s
  • from Xplico Interface (XI) with SQLite DB (=> lite dispatcher): 1.76 MB/s
  • from Xplico Interface with MySQL DB (=> ximysql dispatcher): 4.09 MB/s

These were measured on an Aspire 5633WLMi (Intel Core 2 Duo processor T5500 with 1GB RAM and an HD IDE controller) with the pcap http://domex.nps.edu/corp/scenarios/2009-m57/net/day11-18.dmp.zip (851 MB).

As always: Enjoy!