How to Install Xplico on Ubuntu 20.04 (Step-by-Step Guide)

Richard (Senior Manager)

Study duration : 6 Minutes

0 Comment

2026/03/14

Install Xplico on Ubuntu 20.04 and turn raw PCAP captures into readable data like emails, HTTP sessions, and transferred files. Tools like Wireshark show you packets, but going through thousands of packets one by one isn’t always the easiest way to understand what really happened in the traffic.

Xplico focuses on rebuilding the actual data from those captures. Instead of just showing packet details, it can reconstruct things like emails, HTTP sessions, VoIP calls, and transferred files from protocols such as FTP. This makes it useful when you need to review or investigate network activity.

In the next sections, we’ll go through the steps required to install Xplico on Ubuntu 20.04. You can run Xplico on a remote server such as an Ubuntu VPS.

What is Xplico?

Xplico is an open-source network forensics tool designed to analyze captured network traffic. It works with PCAP files and rebuilds the actual application data from them.

Instead of showing only raw packets, Xplico can reconstruct things like emails, HTTP sessions, VoIP calls, and files transferred through protocols such as FTP.

Why Use Xplico for Network Forensics

When you open a PCAP file, you usually end up scrolling through packets and protocol details. That can take time, especially if you’re trying to understand what actually happened in the traffic.

Xplico helps by rebuilding the real data from those captures. Instead of only looking at packets, you can see things like emails, web sessions, VoIP calls, and transferred files in a more readable way.

Prerequisites

Before installing Xplico, make sure you have:

Ubuntu 20.04 installed

A user with sudo privileges

Install Xplico on Ubuntu 20.04

To start installing Xplico on Ubuntu 20.04, you must first enter the following command:

sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'

Then in the next step you must use the following command to continue the installation:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE

Now you need to update the system to apply the changes made using the command:

sudo apt-get update

Finally you need to install xplico using the following command:

sudo apt-get install xplico

Start Xplico Service

After installing Xplico, start the service with the following command:

sudo service xplico start

You can also check the service status using:

sudo service xplico status

How to Access Xplico Web Interface

Open a browser and go to:

http://your-server-ip:9876

If you installed Xplico on the same machine, you can also open:

http://localhost:9876

The Xplico login page should appear.

The default login credentials are:

Username: admin

Password: xplico

Analyze PCAP Files with Xplico

After logging in to the Xplico interface, create a new case and upload a PCAP file.
Xplico will process the capture and separate the reconstructed data into sections such as HTTP, email traffic, VoIP calls, and transferred files.

You can then open these sections to review the activity found in the capture.

Conclusion

Xplico should now be running on your Ubuntu 20.04 system. From the web interface, you can upload PCAP files and start looking through the reconstructed traffic. That’s all there is to it. Once everything is set up, you can use Xplico to review different types of network activity found in capture files.