I’ve recently saw a presentation by Stefano Fratepietro project leader of DEFT Linux, a live CD dedicated to the world of Computer Forensics, among the many interesting things shown in this presentation (expect a test drive Linux DEFT) there was also a small presentation of Xplico , a tool used to analyze a captured network session.
So what’s Xplico ?
From the forensic wiki
The Xplico is a Network Forensic Analysis Tool (NFAT). The main scope of Xplico is to extract all application data content from a network capture (pcap file or real-time acquisition). For example, Xplico is able to extract all e-mails carried by the POP and SMTP protocols, and all content carried by HTTP protocol from a pcap file.
Xplico is released under the GNU General Public License.