NDR platforms for real-time network threat detection, investigation, and automated response to network-based attacks.
Browse 120 network detection and response tools
High-performance packet capture library with zero copy functionality.
High-speed packet capture library with user-level network socket.
Zeek script for fingerprinting Remote Desktop clients.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.
PFQ v6.2 is a functional framework for Linux optimized for efficient packet capture/transmission and in-kernel processing.
Django based web application for network traffic analysis with protocol handling capabilities.
NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices.
A controller addon that provides additional security defenses for onion services ahead of official Tor-core release.
Passive Network Audit Framework (PNAF) v0.1.2 provides passive network auditing capabilities and is now a project of COSMIC-Chapter of The Honeynet Project.
PCAPdroid is a privacy-friendly app for tracking, analyzing, and blocking network connections on your device.
Accurate detection of HTTPS interception and robust TLS fingerprinting tool.
A package for capturing and analyzing network flow data and intraflow data.
A tool for classifying packets into flows based on 4-tuple without additional processing.
A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.
A service for better visibility on networking issues in Kubernetes clusters by detecting traffic denied by iptables.
Apache Spot is an open source big data platform that analyzes network flows and packet data to identify security threats and provide visibility into enterprise computing environments.
Open source framework for network traffic analysis with advanced features.
An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.
Common questions about Network Detection and Response tools, selection guides, pricing, and comparisons.
NDR analyzes encrypted traffic metadata without decryption: packet sizes, timing patterns, TLS certificate information, connection frequencies, data transfer volumes, and JA3/JA3S fingerprints. Machine learning models trained on these metadata patterns can detect command-and-control communications, data exfiltration, and lateral movement even in fully encrypted traffic.