Open Source Network Forensic Analysis Tool (NFAT) 



We will participate in DEFTCON 2012 in Turin (Italy) on March 30.
The conference will be in Italian; more information and the event program can be found here.

To register, write to

Xplico 0.7.1: DEFT Linux 7

We are pleased to announce DEFT Linux 7 and the new release of Xplico.

Xplico 0.7.1 fixes some bugs:

  • RTP bug fixed
  • dispatcher core functionality bug fixed
  • mfile manipulator bug fixed
  • XI bugs fixed
  • added DB migration tool

We are working on version 1.0.0, and you can try it here.

If you are a fan of Xplico, please vote for it as 2011 Toolsmith Tool of the Year.


Xplico 0.6.1: MSN and Paltalk

This version brings new dissectors, new features and, obviously, many bug fixes:

  • Paltalk chat dissector
  • MSN dissector (beta basic version)
  • XI Cookie hijacking
  • XI pagination for Images and Web
  • XI XSS fixed
  • XI bugfix

We thank:

You can find Xplico 0.6.1 in DEFT Linux 6, and you can download the image, source code and Ubuntu 10.10 package here.

Enjoy 😉

Xplico 0.5.7: VoIP tapping and phone numbers

This release introduces improvements in the SIP and RTP dissectors.
This version also adds the RTCP dissector, with which Xplico is able to obtain the phone numbers of the caller and called party (obviously only if present in the RTCP packets).
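
The following is an added example, not Xplico's own code: a minimal parser that pulls phone numbers out of a captured RTCP UDP payload. It assumes the numbers are carried in RTCP source description (SDES) PHONE items as defined in RFC 3550; the function names and the sample packet are constructed for illustration.

```python
import struct

RTCP_SDES = 202   # RFC 3550 packet type: source description
SDES_PHONE = 4    # RFC 3550 SDES item type: PHONE

def _parse_chunks(body: bytes, count: int):
    """Walk `count` SDES chunks and collect (ssrc, phone) pairs."""
    out, pos = [], 0
    for _ in range(count):
        if pos + 4 > len(body):
            break
        (ssrc,) = struct.unpack_from("!I", body, pos)
        pos += 4
        while pos < len(body) and body[pos] != 0:   # type 0 ends the item list
            if pos + 2 > len(body):
                return out                          # truncated item header
            itype, ilen = body[pos], body[pos + 1]
            text = body[pos + 2:pos + 2 + ilen]
            if len(text) < ilen:
                return out                          # truncated item text
            if itype == SDES_PHONE:
                out.append((ssrc, text.decode("utf-8", "replace")))
            pos += 2 + ilen
        pos = (pos // 4 + 1) * 4   # skip terminator, pad to 32-bit boundary
    return out

def sdes_phone_numbers(payload: bytes):
    """Return [(ssrc, phone)] from a (possibly compound) RTCP payload."""
    found, off = [], 0
    while off + 4 <= len(payload):
        first, ptype, words = struct.unpack_from("!BBH", payload, off)
        end = off + 4 * (words + 1)     # length field counts 32-bit words minus one
        if first >> 6 != 2 or end > len(payload):
            break                       # not RTCP version 2, or truncated capture
        if ptype == RTCP_SDES:
            found += _parse_chunks(payload[off + 4:end], first & 0x1F)
        off = end
    return found

def _build_sample() -> bytes:
    """Constructed compound packet: empty receiver report + SDES (CNAME, PHONE)."""
    rr = struct.pack("!BBHI", 0x80, 201, 1, 0x11223344)
    chunk = struct.pack("!I", 0x11223344) + b"\x01\x03a@b" + b"\x04\x09+15550100" + b"\x00"
    chunk += b"\x00" * (-len(chunk) % 4)
    return rr + struct.pack("!BBH", 0x81, RTCP_SDES, len(chunk) // 4) + chunk

SAMPLE = _build_sample()

if __name__ == "__main__":
    for ssrc, phone in sdes_phone_numbers(SAMPLE):
        print(f"SSRC 0x{ssrc:08x}: {phone}")
```

When no SDES PHONE item is present, or the packet is cut short in the capture, the function returns an empty list, which matches the "only if present" caveat above.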

The DEFT 5.1 Live distribution contains this version.

You can download the source code and the Ubuntu 10.04 package here.

Enjoy ;).

Xplico version 0.5.3 and DEFT Vx5

You can find this release in the DEFT Vx5 Linux distribution.
You can download the source code, Ubuntu 9.10 package and image here.

This version of Xplico introduces many new features:


  • snoop Packet Capture File Format as input file
  • DNS dissector with graphical representation in Xplico Interface (XI)
  • NNTP dissector
  • PPPOE dissector
  • direct live acquisition from XI
  • new dispatcher named CLI: this dispatcher organizes the extracted data in a tree like this:

  • default CLI dispatcher in command line execution
  • file extension for the HTTP contents

We have to thank:

Enjoy ;).

DEFT 4 console-mode

With DEFT4, without running X (deft-gui), you can capture and decode Ethernet traffic in this way:


DEFT4 has arrived! This release has many new features.
The new features of Xplico in DEFT4 are:

  • console-mode Xplico execution
  • acquisition and processing in realtime (in console-mode)
  • access to every HTTP message. You can examine:
    • request header and body
    • response header and body
    • so the request body of a POST can be viewed
  • Internet Printing Protocol (IPP) and Printer Job Language (PJL) dissectors. With these dissectors you can view, in PDF format, the pages printed with printers that use PCL5E, PCL5C, and PCL6 formats (for example HP LaserJet 2300dn, HP LaserJet 4). Other formats (e.g. Zenographics ZJ-stream) are in development
  • viewing any video transferred over HTTP with content-type “video/flv” extracted from a pcap file (e.g. YouTube video)
  • browsing all images transported in HTTP
  • improved display of Web pages extracted from a pcap file

Remember to run xplicostart from the Terminal and then launch Firefox with URL: http://localhost