Packet capture analysis using Xplico
Whether using Kali Linux or DEFT Linux, for this chapter we will be using publicly available sample packet capture (.pcap) files that can be downloaded at http://wiki.xplico.org/doku.php?id=pcap:pcap.
The files needed are:
DNS
MMS
Webmail: Hotmail/Live
HTTP (web)
SIP example 1
We will also require an SMTP sample file available from the Wireshark sample captures page at https://wiki.wireshark.org/SampleCaptures.
HTTP and web analysis using Xplico
In this exercise, we upload the HTTP (web) (xplico.org_sample_capture_web_must_use_xplico_nc.cfg.pcap) sample packet capture file.
For this HTTP analysis, we use Xplico to search for artifacts associated with the HTTP protocol such as URLs, images from websites, and possible browser-related activities.
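To show what these HTTP artifacts look like at the packet level before a tool like Xplico reconstructs them, the following added example (not part of the original chapter, and not Xplico's own code) walks a classic pcap file by hand and pulls the request method, full URL (Host plus path) and User-Agent out of each HTTP request. The pcap is constructed in memory, so the script runs offline; the MAC/IP addresses and the request itself are made-up sample values, and checksums are left at zero since nothing validates them here.

```python
import struct

# Constructed sample request (not captured traffic): one HTTP GET for an image.
HTTP_REQ = (b"GET /images/logo.png HTTP/1.1\r\nHost: example.com\r\n"
            b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n")

def build_packet(payload: bytes) -> bytes:
    """Wrap a TCP payload in Ethernet/IPv4/TCP headers (checksums left as 0)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    # src port 49152, dst port 80, seq 1, ack 1, data offset 5 words, PSH|ACK
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([93, 184, 216, 34]))
    return eth + ip + tcp + payload

def build_pcap(packets) -> bytes:
    """Classic pcap: 24-byte global header (linktype 1 = Ethernet), then records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out

def iter_packets(data: bytes):
    """Yield raw frames from classic pcap bytes, honouring the magic's byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # nanosecond-magic pcaps not handled
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl]
        off += incl

def http_artifacts(pcap: bytes):
    """Return method/URL/User-Agent for every HTTP GET or POST request in the capture."""
    found = []
    for pkt in iter_packets(pcap):
        if pkt[12:14] != b"\x08\x00":          # not IPv4
            continue
        ihl = (pkt[14] & 0x0F) * 4
        if pkt[14 + 9] != 6:                    # not TCP
            continue
        tcp_off = 14 + ihl
        payload = pkt[tcp_off + (pkt[tcp_off + 12] >> 4) * 4:]
        if not payload.startswith((b"GET ", b"POST ")):
            continue
        line, _, rest = payload.partition(b"\r\n")
        method, path, _ = line.split(b" ", 2)
        hdrs = dict(h.split(b": ", 1) for h in rest.split(b"\r\n") if b": " in h)
        found.append({"method": method.decode(),
                      "url": "http://" + hdrs.get(b"Host", b"").decode() + path.decode(),
                      "user_agent": hdrs.get(b"User-Agent", b"").decode()})
    return found
```

Pointing `http_artifacts` at the bytes of a real capture (`open(path, "rb").read()`) gives the same kind of URL and browser list the Xplico web view presents, which is useful for cross-checking what the tool reports.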
Once Xplico has been started, log in using the following credentials:
Username: xplico
Password: xplico
We then choose New Case from the menu on the left and select the Uploading PCAP capture file/s button as we will be uploading...