Xplico and CapAnalysis

As powerful a tool as Wireshark is, there may be incidents in which a detailed, packet-by-packet examination of a capture, especially a large one, does not fit what the incident requires. Furthermore, if an analyst wishes to isolate specific traffic, such as HTTP or DNS, there are tools built for that purpose. Two such tools are Xplico and CapAnalysis. Both run on Linux operating systems and provide a platform for incident response analysts to gain an overall sense of what traffic a packet capture contains.
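As an added illustration (not from the book, and not code from Xplico or CapAnalysis), the following Python builds a small constructed pcap in memory and produces the kind of per-protocol breakdown such tools give first; it assumes classic little-endian libpcap with Ethernet framing and identifies DNS and HTTP by well-known port only, a simplification that the real tools relax with full protocol dissection.

```python
import struct
from collections import Counter

def _ipv4_frame(proto, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4 frame (not a real capture) carrying UDP or a bare TCP header."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # TCP: 20-byte header, no options, PSH|ACK, checksum left zero
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 53]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4  # zero MACs, EtherType IPv4

def build_pcap(frames):
    """Wrap frames in a classic little-endian libpcap file (LINKTYPE_ETHERNET)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def iter_frames(pcap_bytes):
    """Yield raw frames from a classic little-endian pcap; other variants are rejected."""
    if struct.unpack("<I", pcap_bytes[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack("<IIII", pcap_bytes[pos:pos + 16])[2]
        yield pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def classify(frame):
    """Label a frame dns/http/other by IPv4 protocol number and well-known port."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"  # truncated or not IPv4
    proto, l4 = frame[23], frame[14 + (frame[14] & 0x0F) * 4:]
    sport, dport = struct.unpack("!HH", l4[:4]) if len(l4) >= 4 else (0, 0)
    if proto == 17 and 53 in (sport, dport):
        return "dns"
    if proto == 6 and 80 in (sport, dport):
        return "http"
    return "other"

def summarize(pcap_bytes):
    """Per-protocol packet counts: the first overview a triage tool gives of a capture."""
    return Counter(classify(f) for f in iter_frames(pcap_bytes))

SAMPLE_PCAP = build_pcap([  # constructed: a DNS exchange, an HTTP exchange, one TLS-port SYN
    _ipv4_frame(17, 51234, 53, b"\x00\x01\x01\x00"), _ipv4_frame(17, 53, 51234, b"\x00\x01\x81\x80"),
    _ipv4_frame(6, 51235, 80, b"GET / HTTP/1.1\r\n\r\n"), _ipv4_frame(6, 80, 51235, b"HTTP/1.1 200 OK\r\n\r\n"),
    _ipv4_frame(6, 51236, 443)])
```

Pointing `summarize` at the bytes of a real capture file gives the same breakdown, with the caveat that port-based labelling misses services on non-standard ports.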
