Packet capture analysis using Xplico
The protocols that we can investigate using Xplico include, but are not limited to, the following:
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Hypertext Transfer Protocol (HTTP)
- File Transfer Protocol (FTP)
- Trivial FTP (TFTP)
- Session Initiation Protocol (SIP)
- Post Office Protocol (POP)
- Internet Message Access Protocol (IMAP)
- Simple Mail Transfer Protocol (SMTP)
Network and internet packet captures, and even live acquisitions, can contain artifacts such as the following:
- HTTP traffic, such as websites browsed
- Facebook chats
- Real-time Transport Protocol (RTP) and Voice over Internet Protocol (VoIP)
- Printed files
Important note:
Traffic encrypted using Secure Sockets Layer (SSL) cannot currently be viewed with Xplico.
Specialized commercial tools, such as FTK, EnCase, and Belkasoft, may have to be purchased to view encrypted traffic...