Awesome PCAPTools

Distributed tcpdump for cloud native environments

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

A wrapper/facade/whatever to enable/ease the use of jNetPcap (a libpcap based packet sniffing lib) in Clojure

A toolset for network packet capture in Cloud/Kubernetes and Virtualized environment.

OpenFPC, Open Source Full Packet Capture

Official repository - Fully managed, cross platform (Windows, Mac, Linux) .NET library for capturing packets

Network Analysis Tool

Malicious HTTP traffic explorer

Protocol Analysis/Decoder Framework

fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols

A multi-threading tool to sniff TCP flow statistics and embedded HTTP headers from PCAP file. Each TCP flow carrying HTTP is exported to text file in json format.

Ipsumdump and other programs for command-line network trace manipulation.

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.

A high level C++ network packet sniffing and crafting library.

A portable framework for low-level network packet construction

NFStream: a Flexible Network Data Analysis Framework.

A tool that provides a basic SQL-frontend to PCAP-files

A convertor from .pcap network capture files to HTTP Archive files.

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, WinPcap, DPDK and PF_RING.

A simple utility to classify packets into flows. It's so simple that only one task is aimed to finish. For Deep Packet Inspection or flow classification, it's so common to analyze the feature of one specific flow. I have make the attempt to use made-ready tools like tcpflows, tcpslice, tcpsplit, but all these tools try to either decrease the trace volume (under requirement) or resemble the packets into flow payloads (over requirement). I have not found a simple tool to classify the packets into flows without further processing. This is why this program is born.

Potiron - Normalize, Index and Visualize Network Capture

Automatically exported from code.google.com/p/socket-sentry

TCP/IP packet demultiplexer. Download from:

Pcap editing and replay tools for *NIX and Windows - Users please download source from

High bandwidth for high-latency TCP connections

split a pcap file into smaller files on TCP flow boundaries

tcptrace is a tool written by Shawn Ostermann at Ohio University, for analysis of TCP dump files.

Process HTTP Pcaps With YARA

Yara is awesome, but sometimes you need to manipulate the data streams you're scanning in different ways.

An any-snarf program that processes application protocols (HTTP/FTP/...) from tcpdump or snoop files and stores session and file data

Foremost is a console program to recover files based on their headers, footers, and internal data structures. c.f., http://foremost.sourceforge.net/

'Packet Capture Forensic Evidence eXtractor' is a tool that finds and extracts files from packet capture files

Scalpel is an open source data carving tool. It is not being actively maintained.

USB packet capture for Windows

Some set of scripts to unpack odin packets into separate files

Hadoop library to read packet capture (PCAP) files