Loading...
tcpdump is a free Network Detection and Response tool. Security professionals most commonly compare it with Corelight Open NDR Platform. All 116 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to tcpdump, including their key features and shared capabilities.
Network detection and response platform with IDS, NSM, and threat intel.
Continuous full packet capture and forensics for network investigations
NDR platform with DPI for network visibility, threat detection, and investigation
TLS decryption solution that extracts session keys from memory for traffic inspection
Modular network observability platform for packet brokering, capture & analytics.
Lossless packet capture & analysis appliance at 10–200 Gbps line rate.
Packet broker, capture & observability suite for hybrid network security.
Packet-based network observability platform for hybrid environments.
Network detection and response platform with IDS, NSM, and threat intel.
Continuous full packet capture and forensics for network investigations
NDR platform with DPI for network visibility, threat detection, and investigation
TLS decryption solution that extracts session keys from memory for traffic inspection
Modular network observability platform for packet brokering, capture & analytics.
Lossless packet capture & analysis appliance at 10–200 Gbps line rate.
Packet broker, capture & observability suite for hybrid network security.
Packet-based network observability platform for hybrid environments.
Passive network intelligence platform for gov/defense with real-time visibility.
Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.
An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.
A tool for classifying packets into flows based on 4-tuple without additional processing.
High-speed packet capture library with user-level network socket.
High-performance packet capture library with zero copy functionality.
Makes output from the tcpdump program easier to read and parse.
NDR solution providing network visibility, threat detection, and intrusion prevention
NDR platform for IT/OT environments with threat detection and CTI
Network detection and response platform for threat detection and analysis
AI-powered threat detection platform using self-supervised learning for NDR
NDR platform with NGIPS, NetFlow/sFlow analysis, SIEM, and correlation engine
NDR solution with threat intelligence, PCAP analysis, and SOC services
A network detection and response solution that uses AI and machine learning to monitor network traffic, identify malicious behavior, and connect related security events to reveal attack patterns without requiring endpoint agents.
SOCRadar DNS Monitoring provides real-time monitoring of DNS infrastructure with automated discovery, record change alerts, and detection of DNS-based security threats.
Network appliance detecting advanced threats via sandboxing & traffic analysis
Network detection and response system for threat detection and analysis
Cloud-native NDR with AI-based threat detection for SMBs
NDR platform for threat detection and response via network traffic monitoring
Digital experience monitoring for network, device, and app performance
AI-powered network detection and response platform for threat detection
Flow-based network traffic monitoring and bandwidth analysis tool
AI-driven threat detection platform identifying malicious behaviors across networks
AI-powered network threat detection across hybrid environments
Network traffic broker for visibility, monitoring, and traffic optimization
AI-powered NDR platform with UEBA for threat detection and network visibility
Network detection and response platform for threat detection and visibility
NDR solution that blocks malicious traffic before alerts are generated
Network traffic analysis tool for real-time intrusion detection and monitoring
NDR solution monitoring North-South & East-West traffic with 24/7 SOC analysis
Service that identifies network blind spots and unmanaged nodes.
Network Detection and Response platform for threat detection and investigation
Qualified network TAPs for traffic duplication and network monitoring
Network Detection and Response system for threat detection and response
Network detection and response platform with threat intel fusion and automation
Real-time network security monitoring for threat detection using DPI and sandbox
AI-powered network security platform with NDR, domain filtering, and 24x7 SOC
Transforms NAT gateways into security sensors for cross-cloud egress visibility
DNS-layer security solution for threat detection and policy enforcement
AI-powered NDR for network threat detection and malware defense
SaaS-based NDR platform for threat investigation and Tier 1 workflows
Behavior-based network threat detection at line speeds with live analysis
AI-powered network security solution for SMBs with sensor device and MSP portal
Embedded DPI & threat detection SDK for traffic classification & analysis
NDR solution that analyzes network traffic to detect threats and risks.
Bot detection service that verifies human users through challenges
Agentless network visibility platform for security posture management
TLS/SSL decryption for network traffic visibility and security analysis
Flow-based network monitoring platform for performance and security visibility
Network visibility and security insights platform for IT environments
Network & app performance monitoring platform with end-to-end visibility
DNS-layer network visibility and monitoring with query logging and analytics
AI-driven NDR for identifying and responding to network threats
Network abuse management platform for ISPs to automate abuse case handling.
CSP-delivered home network security for IoT and connected devices.
AI-based network threat detection using unsupervised machine learning.
AI-powered network cybersecurity platform for telcos to protect subscribers.
Zeek-based network traffic analysis & IDS platform for enterprise deployments.
Polish NDR appliance for network threat detection, forensics & GDPR compliance.
AI-based DNS security platform blocking tunneling, malware, and zero-days.
AI-powered DNS detection & response platform integrating DNSEye, DNSDome & Cyber X-Ray.
AI-native NDR for cloud, edge, and hybrid network threat detection.
Network flow & SNMP collector with analytics for traffic visibility.
Network digital twin platform for visibility, security & ops assurance.
Platform providing contextualized network data insights for security and ops teams.
Flow load balancer for distributing & filtering NetFlow records to collectors.
Network hop-limiting platform that reduces attack surface for MSSPs.
Network intelligence platform for detecting, and responding to security incidents
Enterprise network monitoring via deep packet inspection & traffic classification.
Network device & service visibility platform for ISPs using device fingerprinting.
AI-powered NDR platform for IT/OT threat detection across encrypted traffic.
Deep learning-based encrypted traffic classification up to 25 Gbps w/o decryption.
Flow-based network security monitoring tool using anomaly detection.
Preemptive threat blocking platform using IP segmentation and DNS security.
AI-driven network security platform for distributed IT/IoT environments.
AI-driven NDR platform providing continuous network visibility and IR.
Network defense platform with real-time content inspection & threat blocking
GNN-based NDR platform for agentless threat detection across IT, IoT, and OT.
AI-driven NDR platform detecting threats across network, identity, and cloud
Network monitoring and detection solution for threat analysis
A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.
A Zeek-based protocol analyzer that parses GQUIC traffic to extract connection metadata and create fingerprints for detecting anomalous network behavior.
Open source network security monitoring tool for traffic analysis
Open source Suricata-based NDR system with threat detection and analysis
NetFlow/IPFIX traffic analyzer for network visibility and anomaly detection.
A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
Open source framework for network traffic analysis with advanced features.
Apache Spot is an open source big data platform that analyzes network flows and packet data to identify security threats and provide visibility into enterprise computing environments.
A service for better visibility on networking issues in Kubernetes clusters by detecting traffic denied by iptables.
A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.
A package for capturing and analyzing network flow data and intraflow data.
Accurate detection of HTTPS interception and robust TLS fingerprinting tool.
PCAPdroid is a privacy-friendly app for tracking, analyzing, and blocking network connections on your device.
Passive Network Audit Framework (PNAF) v0.1.2 provides passive network auditing capabilities and is now a project of COSMIC-Chapter of The Honeynet Project.
A controller addon that provides additional security defenses for onion services ahead of official Tor-core release.
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices
NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.
Django based web application for network traffic analysis with protocol handling capabilities.
PFQ v6.2 is a functional framework for Linux optimized for efficient packet capture/transmission and in-kernel processing.
A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
Zeek Remote desktop fingerprinting script for fingerprinting Remote Desktop clients.
A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.
A network protocol analyzer for capturing and analyzing network traffic with a focus on TCP/IP flow reconstruction and response time tracking.
Common questions security professionals ask when evaluating alternatives and competitors to tcpdump.
The most popular alternatives to tcpdump include Corelight Open NDR Platform, ExtraHop Packet Forensics, NETSCOUT Omnis Cyber Intelligence, Nubeva SKI, and cPacket Unified Observability Platform. These Network Detection and Response tools offer similar capabilities and are frequently compared by security professionals evaluating their options.
