Aug 11 2009

Xplico – Internet Traffic Decoder

The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico is not a network protocol analyzer; it is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License.


Features:

  • Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6.
  • Port Independent Protocol Identification (PIPI) for each application protocol.
  • Multithreading.
  • Output data and information to an SQLite or MySQL database and/or to files.
  • Each piece of data reassembled by Xplico has an associated XML file that uniquely identifies the flows and the pcap containing the reassembled data.
  • Real-time processing (depends on the number of flows, the types of protocols and the performance of the computer: RAM, CPU, HD access time).
  • TCP reassembly with ACK verification for every packet, or with soft ACK verification.
  • Reverse DNS lookup from the DNS packets contained in the input files (pcap), not from an external DNS server.
  • No size limit on the input data or on the number of input files (the only limit is HD size).
  • IPv4 and IPv6 support.
  • Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcher) are all modules.
  • The ability to easily create any kind of dispatcher with which to organize the extracted data in the way most appropriate and useful to you.
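
The reverse DNS feature above resolves names from DNS answers already present in the capture instead of asking a live resolver, which keeps the analysis offline and avoids tipping off whoever controls the domain. The following Python script is an added example written for this page, not Xplico's own code: it builds a small pcap in memory (a constructed fixture, not real traffic), walks the Ethernet/IPv4/UDP headers, decodes the DNS answer section including name-compression pointers, and produces an IP-to-hostname table. The function names, the sample addresses and the use of UDP port 53 as the filter (Xplico itself identifies protocols port-independently) are assumptions of the example.

```python
"""Build a passive reverse-DNS table from DNS answers inside a pcap file."""
import socket
import struct

# ---- fixture builders (constructed sample data, not captured traffic) ----

def encode_name(name):
    """Encode a dotted hostname as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_dns_answer(txid, qname, ip):
    """One DNS response with a single A record; the answer name is a 0xC00C pointer."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(ip)
    return hdr + question + answer

def build_packet(payload, src_ip, dst_ip):
    """Wrap a DNS payload in UDP (sport 53) / IPv4 / Ethernet; checksums left zero."""
    udp = struct.pack("!HHHH", 53, 40000, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + udp
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + ip

def build_pcap(frames):
    """Little-endian pcap: 24-byte global header, 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_250_000_000 + i, 0, len(f), len(f)) + f
    return out

# ---- parser ----

def read_name(data, off, max_hops=8):
    """Decode a DNS name at off, following compression pointers; return (name, next_off)."""
    labels, end, hops, jumped = [], off, 0, False
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > max_hops:                        # loop guard for hostile captures
                raise ValueError("pointer loop in DNS name")
            if not jumped:
                end = off + 2                          # caller resumes after the pointer
            jumped = True
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def dns_a_records(dns):
    """Yield (ip, name) for every A record in the answer section of a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", dns[:12])
    if not flags & 0x8000:                             # QR bit clear: a query, skip it
        return
    off = 12
    for _ in range(qd):
        _, off = read_name(dns, off)
        off += 4                                       # QTYPE + QCLASS
    for _ in range(an):
        name, off = read_name(dns, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", dns[off:off + 10])
        off += 10
        rdata = dns[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield socket.inet_ntoa(rdata), name

def reverse_dns_from_pcap(pcap):
    """Walk every record of a pcap and map IPv4 address -> set of names seen in answers."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic or byte order")
    if struct.unpack("<I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled")
    table, off = {}, 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue                                   # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        if frame[14 + 9] != 17:
            continue                                   # not UDP
        udp = frame[14 + ihl:]
        sport, _dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
        if sport != 53:
            continue                                   # assumption: answers come from port 53
        try:
            for ip, name in dns_a_records(udp[8:ulen]):
                table.setdefault(ip, set()).add(name)
        except (struct.error, IndexError, ValueError, UnicodeDecodeError):
            continue                                   # malformed packet: skip, never crash
    return table

SAMPLE_PCAP = build_pcap([                             # constructed fixture
    build_packet(build_dns_answer(0x1234, "www.example.com", "93.184.216.34"), "10.0.0.53", "10.0.0.7"),
    build_packet(build_dns_answer(0x1235, "mail.example.com", "93.184.216.34"), "10.0.0.53", "10.0.0.7"),
    build_packet(build_dns_answer(0x1236, "cdn.example.net", "203.0.113.9"), "10.0.0.53", "10.0.0.7"),
])

if __name__ == "__main__":
    for ip, names in sorted(reverse_dns_from_pcap(SAMPLE_PCAP).items()):
        print(ip, "->", ", ".join(sorted(names)))
```

The table keeps a set of names per address because one IP routinely answers for several hostnames; a forensic report should show all of them rather than the last one seen. The pointer-hop limit and the per-packet exception handler matter in practice: a capture under analysis may contain deliberately malformed DNS, and an extractor that aborts on the first bad packet loses everything after it.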

Latest Release: Xplico v0.5.2

Download: http://www.xplico.org/download

Aug 08 2009

Twitter, Facebook attack targeted one user

A Georgian blogger with accounts on Twitter, Facebook, LiveJournal, and Google’s Blogger and YouTube was targeted in a denial-of-service attack that led to the site-wide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive.

The blogger, who uses the account name “Cyxymu,” (the name of a town in the Republic of Georgia) had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNET News.

“It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” Kelly said. “We’re actively investigating the source of the attacks, and we hope to be able to find out the individuals involved in the back end and to take action against them, if we can.”

Twitter was down for several hours beginning early Thursday morning, and it suffered periodic slowness and time-outs throughout the day.

Cyxymu’s LiveJournal page wasn’t accessible, but a cached version showed that it was updated on Thursday with a message about the denial-of-service, or DoS, attacks on his accounts on the United States-based sites. “Now it’s obvious it’s a special attack against me and Georgians,” said the message, in Russian.

The page also carried an apology for a spam e-mail attack in which the sender address was spoofed so that the messages appeared to come from him. Screenshots are shown. It is unclear whether or how the spam attack is related to the DoS attacks.

Facebook and Google were able to minimize any impact to their sites, including Blogger, YouTube, and Google Sites, a free Web site service. Facebook even managed to keep the Cyxymu account accessible to Web surfers from that region, Kelly said, though it was inaccessible to people in other geographic areas, including San Francisco.

Source: CNET News