The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Our Xplico package will reach EOL (End Of Life) on June 5, 2018. After that date, we will no longer provide updates or support of any kind for Xplico. To remove Xplico from your system, please see the steps at the bottom of this page.
Xplico is disabled by default by modern versions of Setup. This is controlled by the XPLICO_ENABLED setting in
The default username and password are:
The default admin username and password are:
For more information, please see:
If you don't use Xplico, you can remove it as follows.
Ensure that Xplico is disabled in
sudo sed -i 's|XPLICO_ENABLED=yes|XPLICO_ENABLED=no|g' /etc/nsm/securityonion.conf
Install all updates to ensure you're running the latest version of the
Remove Xplico and its dependencies:
sudo apt purge lame libgeoip-dev libjson-c-dev libmp3lame0 librecode0 php5-sqlite python3-httplib2 python3-psycopg2 recode securityonion-ndpi sqlite3 xplico
Remove Xplico shortcuts:
sudo rm /home/*/Desktop/securityonion-xplico*
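To confirm the removal steps above took effect, the following check is an added example and not part of the original wiki. It uses the setting name, config path, package name and shortcut glob shown on this page; the function names are hypothetical, and the tolerance for quotes, case and trailing comments in the config value is an assumption, since the sed command above only rewrites the exact string XPLICO_ENABLED=yes.

```shell
#!/bin/sh
# Added example (not from the original wiki): verify the removal steps.
# Function names are hypothetical; the setting name, config path, package
# name and shortcut glob are the ones shown on this page.

# Print the effective XPLICO_ENABLED value: yes, no, another value, or "unset".
# Assumption: quotes, case and a trailing comment are tolerated, and the last
# uncommented assignment in the file wins.
xplico_setting() {
    if [ ! -r "$1" ]; then echo "unreadable"; return 0; fi
    value=$(grep -E '^[[:space:]]*XPLICO_ENABLED=' "$1" | tail -n 1 |
        cut -d= -f2- | cut -d'#' -f1 | tr -d "\"' \t" | tr 'A-Z' 'a-z')
    echo "${value:-unset}"
}

# Succeed only if dpkg reports the xplico package as installed.
xplico_installed() {
    command -v dpkg-query >/dev/null 2>&1 || return 1
    dpkg-query -W -f='${Status}' xplico 2>/dev/null |
        grep -q 'install ok installed'
}

# List leftover desktop shortcuts under a home root (default /home).
xplico_shortcuts() {
    for f in "${1:-/home}"/*/Desktop/securityonion-xplico*; do
        if [ -e "$f" ]; then echo "$f"; fi
    done
    return 0
}

# Report every finding; return non-zero if anything from Xplico remains.
xplico_verify_removed() {
    conf=${1:-/etc/nsm/securityonion.conf}
    rc=0
    state=$(xplico_setting "$conf")
    if [ "$state" = "yes" ]; then
        echo "XPLICO_ENABLED is still yes in $conf"; rc=1
    fi
    if xplico_installed; then
        echo "xplico package is still installed"; rc=1
    fi
    left=$(xplico_shortcuts "${2:-/home}")
    if [ -n "$left" ]; then echo "shortcuts remain: $left"; rc=1; fi
    return $rc
}
```

Source the file and run xplico_verify_removed with no arguments on the sensor; an exit status of 0 with no output means none of the three checks found anything left behind.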