Xplico is a Network Forensic Analysis Tool NFAT, for Unix and Unix-like operating systems. It uses libpcap, a packet capture and filtering library.
Xplico in console-mode permits you to decode a single pcap file, directory of pcap files or decode in realtime from an ethernet interface (eth0, eth1, …). To select the input type you have to use the -m option. The ‘-m’ option permits you to load a particular xplico capture interface (capture-module). The possible capture interfaces are ‘pcap’ and ‘rltm’. If you run “./xplico -h -m pcap” you have the help of pcap interface, obviously”./xplico -h -m rltm’ gives you help to use real time interface. In console-mode all files extracted by xplico are placed in ‘tmp/xplico/’ directory, every protocol has a particular directory, and inside this directory you can find the decoding data.
Download Link:- https://github.com/xplico/xplico