Joy Logo

Joy

0
Free
Visit Website

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring. Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture (pcap) files, using a flow-oriented model similar to that of IPFIX or Netflow, and then representing these data features in JSON. It also contains analysis tools that can be applied to these data files. Joy can be used to explore data at scale, especially security and threat-relevant data. JSON is used in order to make the output easily consumable by data analysis tools. While the JSON output files are somewhat verbose, they are reasonably small, and they respond well to compression. Joy can be configured to obtain intraflow data, that is, data and information about events that occur within a network flow, including: the sequence of lengths and arrival times of IP packets, up to some configurable number of packets. the empirical probabilit

FEATURES

ALTERNATIVES

A fast and simple recursive content discovery tool

A proof-of-concept for an adaptive parallelised DNS prober

Express middleware for detecting and redirecting Tor or Surface users.

Ensnare is a gem plugin for Ruby on Rails that enables quick deployment of a malicious behavior detection and response scheme using Honey Traps and Trap Responses.

OpenSnitch is a GNU/Linux application firewall with interactive outbound connections filtering and system-wide domain blocking capabilities.

An OpenFlow honeypot that detects unused IP addresses and simulates network traffic to attract and analyze potential threats

High-performance packet capture library with zero copy functionality.

Cilium is a networking, observability, and security solution with an eBPF-based dataplane.