In this section, we will look at some fantastic tools that complement Wireshark and help us perform better analysis.
Xplico is a fantastic open source network forensics analysis tool and comes packaged with popular pen-testing and forensics Linux distributions.
Up and running with Xplico on Kali Linux:
To install Xplico manually, run the following command:
sudo apt-get install xplico
Once installed, we need to start Xplico's service by running:
/etc/init.d/xplico start
Also, make sure that the web service is running. This can be done by running:
/etc/init.d/apache2 start
Now we need to open the browser, browse to http://127.0.0.1:9876, and use xplico as both the username and the password. First, we need to create a new case and then a new session inside that case, and later upload the PCAP file for analysis.
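The walkthrough above leaves two checks to the reader: that the Xplico web UI on 127.0.0.1:9876 is actually answering before we log in, and that the file we are about to upload is really a pcap or pcapng capture. The following helper script is an added example, not code from the book or from the Xplico project; it assumes curl and od are installed, that the init scripts need sudo, and that the script is saved as xplico_check.sh.

```shell
#!/bin/sh
# Added example (not from the book or Xplico): pre-flight checks for the
# manual Xplico walkthrough. Assumes curl and od are available.
set -eu

XPLICO_URL="http://127.0.0.1:9876"   # port used in the walkthrough

# Classify a capture file by its first four bytes (magic number).
# Prints one of: pcap | pcap-ns | pcapng | unknown
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;      # libpcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap-ns ;;   # libpcap, nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;    # pcapng section header block
        *)                 echo unknown ;;
    esac
}

# Poll the Xplico UI until it answers any HTTP request, or give up.
# Returns 0 when reachable, 1 after $2 attempts (one per second).
wait_for_xplico() {
    url=$1; tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        if curl -s -o /dev/null -m 2 "$url/"; then return 0; fi
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

# Orchestration of the walkthrough steps; only runs when a capture file is
# given on the command line:  ./xplico_check.sh capture.pcap
if [ "${1-}" != "" ]; then
    kind=$(pcap_kind "$1")
    [ "$kind" != unknown ] || { echo "$1: not a pcap/pcapng file" >&2; exit 2; }
    sudo /etc/init.d/xplico start
    sudo /etc/init.d/apache2 start
    wait_for_xplico "$XPLICO_URL" 30 || { echo "Xplico UI not reachable" >&2; exit 3; }
    echo "$1 is $kind; open $XPLICO_URL, create a case and a session, then upload it."
fi
```

Run it with the capture you intend to analyse; it refuses files that are not captures before any service is touched.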
As mentioned in its Wiki page, Xplico can help reconstruct the contents of acquisitions performed with a packet sniffer...