23 tools and resources
netsniff-ng is a free Linux networking toolkit with zero-copy mechanisms for network development, analysis, and auditing.
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
A collection of PCAPs for ICS/SCADA utilities and protocols with the option for users to contribute.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
A utility for splitting packet traces along TCP connection boundaries.
PCAPdroid is a privacy-friendly app for tracking, analyzing, and blocking network connections on your device.
CapTipper is a python tool to analyze, explore, and revive HTTP malicious traffic.
A tool for classifying packets into flows based on 4-tuple without additional processing.
A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
A multi-threaded intrusion detection system using Yara for network and stream IDS
Network Dump data Displayer and Editor framework for tcpdump trace files manipulation.
A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.
A tool for extracting files from packet capture files with ease of use and extensibility for Python developers.
replayproxy allows you to 're-live' a HTTP session captured in a .pcap file, parsing HTTP streams, caching them, and starting a HTTP proxy to reply to requests with matching responses.
A command line tool for running SQL queries on PCAP files with various output options and a simplistic web-server.
A Hadoop library for reading and querying PCAP files
Network metadata capture and analysis tool
Independent software vendor specializing in network security tools and network forensics.
A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.
A package for capturing and analyzing network flow data and intraflow data.
Repository of pcap traces for evaluating Network Intrusion Detection Systems in HVAC systems.
Normalize, index, enrich, and visualize network capture data using Potiron.
