
Top picks: CSPi Myricom nVoy Series AIR, fatt, NIKSUN® NikOS Everest™ — plus 45 more compared.
pcapfex is a free tool. Security professionals most commonly compare it with . All 48 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to pcapfex, including their key features and shared capabilities.
Automated network packet recording and breach investigation tool for IR teams.
Shares 3 capabilities with pcapfex: PCAP, Packet Capture, Network Forensic Analysis
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
Shares 3 capabilities with pcapfex: PCAP, Packet Capture, Network Forensic Analysis
Network forensics platform with packet capture and analytics capabilities.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
An extensible network forensic analysis framework with deep packet analysis and plugin support.
A command-line tool that allows SQL queries to be executed directly on PCAP files for network traffic analysis with support for multiple output formats.
A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.
Network Dump data Displayer and Editor framework for tcpdump trace files manipulation.
netsniff-ng is a free Linux networking toolkit with zero-copy mechanisms for network development, analysis, and auditing.
Independent software vendor specializing in network security tools and network forensics.
Cloud-based bare-metal malware analysis lab for SOC, CERT & CIRT teams.
FIM and config change monitoring tool with baseline deviation detection.
Online tool that provides automated behavioral analysis of PCAP files.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.
A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
Normalize, index, enrich, and visualize network capture data using Potiron.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
A Hadoop library for reading and querying PCAP files.
A network forensics tool for visualizing packet captures as network diagrams with detailed analysis.
Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
Chaosreader is a tool for ripping files from network sniffing dumps and replaying various protocols and file transfers.
High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.
Netcap efficiently converts network packets into structured audit records for machine learning algorithms, using Protocol Buffers for encoding.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
A collection of tools to debug and inspect Kubernetes resources and applications, managing eBPF programs execution and mapping kernel primitives to Kubernetes resources.
A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.
Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.
A tool that reads IP packets from the network or a tcpdump save file and writes an ASCII summary of the packet data.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
A decentralized network panic button that triggers emergency system shutdowns across networked machines via UDP broadcasts and HTTP to prevent cold boot attacks.
Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.
Network Forensic Analysis Tool for deep network traffic inspection and analysis.
CapTipper is a python tool to analyze, explore, and revive HTTP malicious traffic.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
A utility for splitting packet traces along TCP connection boundaries.
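Most of the tools listed above start from the same two steps: reading the classic libpcap record stream and, for the connection-splitting utility just described, grouping frames by TCP connection. The Python below is an added example written for this page, not code from pcapfex or from any of the tools compared here. It detects the file's byte order from the magic number, walks records without trusting their length fields past the end of the buffer, keys each Ethernet/IPv4/TCP frame by a direction-independent (address, port) pair so both halves of a conversation land in one bucket, and can re-serialize each connection as its own pcap. The sample trace is constructed inline with documentation-range addresses (192.0.2.x, 198.51.100.x), not captured traffic; pcapng, VLAN tags, IPv6 and IP fragments are deliberately out of scope.

```python
"""Classic-pcap reader that splits a trace along TCP connection boundaries.

Added illustration for the PCAP tools compared on this page; it is not code
from pcapfex or any listed project. Handles only the classic libpcap format
(magic 0xa1b2c3d4 in either byte order) with Ethernet frames carrying
IPv4/TCP; everything else is counted and skipped. Sample traffic is constructed.
"""
import struct

PCAP_MAGIC = 0xa1b2c3d4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame_bytes) for each record in a classic pcap blob."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    # The magic number doubles as a byte-order marker for the rest of the file.
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xd4c3b2a1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled, got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            break  # corrupt or truncated record: stop instead of reading past the buffer
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def tcp_key(frame):
    """Direction-independent ((ip, port), (ip, port)) key for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 14 + 20 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 20 or ip[9] != IPPROTO_TCP:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)  # same key for both directions


def split_by_connection(data):
    """Group records by TCP connection in first-seen order; returns (flows, skipped_count)."""
    flows, skipped = {}, 0
    for ts_sec, ts_usec, frame in read_pcap(data):
        key = tcp_key(frame)
        if key is None:
            skipped += 1
            continue
        flows.setdefault(key, []).append((ts_sec, ts_usec, frame))
    return flows, skipped


def write_pcap(records, endian="<", snaplen=65535):
    """Serialize records as a classic pcap blob, e.g. one file per connection."""
    out = bytearray(struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for ts_sec, ts_usec, frame in records:
        out += struct.pack(endian + "IIII", ts_sec, ts_usec, len(frame), len(frame))
        out += frame
    return bytes(out)


def _frame(src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for the demo (zero MACs and checksums)."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(x) for x in src.split(".")), bytes(int(x) for x in dst.split(".")))
    return eth + ip + tcp


# Constructed sample: two TCP conversations (both directions) plus one ARP frame.
SAMPLE_PCAP = write_pcap([
    (1700000000, 0, _frame("192.0.2.5", "198.51.100.7", 51000, 443, b"\x16\x03\x01")),
    (1700000000, 120, _frame("192.0.2.5", "192.0.2.53", 40000, 80, b"GET / HTTP/1.1\r\n")),
    (1700000000, 250, _frame("198.51.100.7", "192.0.2.5", 443, 51000, b"\x16\x03\x03")),
    (1700000000, 300, bytes(12) + b"\x08\x06" + bytes(28)),  # ARP: not TCP, gets skipped
    (1700000001, 10, _frame("192.0.2.53", "192.0.2.5", 80, 40000, b"HTTP/1.1 200 OK\r\n")),
])

if __name__ == "__main__":
    flows, skipped = split_by_connection(SAMPLE_PCAP)
    for i, (key, recs) in enumerate(flows.items()):
        print("connection %d: %s:%d <-> %s:%d, %d packets" % (i, *key[0], *key[1], len(recs)))
        # write_pcap(recs) is what you would save as conn_<i>.pcap for per-flow analysis
    print("non-TCP records skipped:", skipped)
```

The length check before each record matters on real evidence: a capture cut off mid-write has a final record whose declared length runs past the file, and a parser that trusts it either crashes or silently reads garbage as packet data. Keying on the sorted endpoint pair is what makes both directions of a connection land in one output file; it does not distinguish a reused port pair across time, which a production splitter handles by also watching SYN/FIN/RST flags.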
Common questions security professionals ask when evaluating alternatives and competitors to pcapfex.
The most popular alternatives to pcapfex include CSPi Myricom nVoy Series AIR, fatt, NIKSUN® NikOS Everest™, sniffle, and Dshell. These Digital Forensics and Incident Response tools offer similar capabilities and are frequently compared by security professionals evaluating their options.