tcpreplay by appneta

Pcap editing and replay tools for *NIX and Windows - Users please download source from

created at Nov. 20, 2013, 1:10 a.m.

51 +0

1,192 +1

269 +0

tcpflow by simsong

TCP/IP packet demultiplexer. Download from:

created at April 1, 2012, 12:44 a.m.

79 +0

1,686 +1

237 +0

hadoop-pcap by RIPE-NCC

Hadoop library to read packet capture (PCAP) files

created at Oct. 2, 2011, 12:59 p.m.

40 +0

208 +0

100 +0

scalpel by sleuthkit

Scalpel is an open source data carving tool. It is not being actively maintained.

created at June 27, 2013, 4:59 p.m.

44 +0

627 +0

99 +0

pcapfex by vikwin

'Packet Capture Forensic Evidence eXtractor' is a tool that finds and extracts files from packet capture files

created at Nov. 5, 2015, 1:47 p.m.

19 +0

214 +1

41 +0

yaraprocessor by MITRECND

Yara is awesome, but sometimes you need to manipulate the data streams you're scanning in different ways.

created at Jan. 10, 2013, 6:49 p.m.

26 +0

97 +0

11 +0

YaraPcap by kevthehermit

Process HTTP Pcaps With YARA

created at June 29, 2013, 3:57 p.m.

11 +0

101 +0

25 +0

potiron by CIRCL

Potiron - Normalize, Index and Visualize Network Capture

created at Aug. 27, 2014, 7:46 a.m.

19 +0

83 +0

20 +0

pkt2flow by caesar0301

A simple utility to classify packets into flows. It's so simple that only one task is aimed to finish. For Deep Packet Inspection or flow classification, it's so common to analyze the feature of one specific flow. I have make the attempt to use made-ready tools like tcpflows, tcpslice, tcpsplit, but all these tools try to either decrease the trace volume (under requirement) or resemble the packets into flow payloads (over requirement). I have not found a simple tool to classify the packets into flows without further processing. This is why this program is born.

created at Dec. 20, 2012, 1:17 p.m.

13 +0

166 +0

46 +0

pcap2har by andrewf

A convertor from .pcap network capture files to HTTP Archive files.

created at July 19, 2010, 11 p.m.

25 +0

237 +0

68 +0

http-sniffer by caesar0301

A multi-threading tool to sniff TCP flow statistics and embedded HTTP headers from PCAP file. Each TCP flow carrying HTTP is exported to text file in json format.

created at Dec. 1, 2012, 9:58 a.m.

12 +0

188 +0

51 +0

chopshop by MITRECND

Protocol Analysis/Decoder Framework

created at Sept. 18, 2012, 5:51 p.m.

71 +0

489 +0

112 +0

CapTipper by omriher

Malicious HTTP traffic explorer

created at Jan. 13, 2015, 9:05 a.m.

63 +0

711 +1

159 +0

clj-net-pcap by ruedigergad

A wrapper/facade/whatever to enable/ease the use of jNetPcap (a libpcap based packet sniffing lib) in Clojure

created at Nov. 13, 2012, 8:13 p.m.

7 +0

67 +0

30 +0

PcapPlusPlus by seladb

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.

created at Oct. 7, 2014, 9:04 p.m.

95 +0

2,742 +4

675 +3

usbpcap by desowin

USB packet capture for Windows

created at Feb. 23, 2013, 10:47 p.m.

73 +0

926 +2

173 +0

libcrafter by pellegre

A high level C++ network packet sniffing and crafting library.

created at Oct. 29, 2012, 2:24 a.m.

34 +0

300 +1

88 +0

Chaosreader by brendangregg

An any-snarf program that processes application protocols (HTTP/FTP/...) from tcpdump or snoop files and stores session and file data

created at April 10, 2014, 12:56 a.m.

20 +0

224 +0

48 +0

tcptrace by blitz

tcptrace is a tool written by Shawn Ostermann at Ohio University, for analysis of TCP dump files.

created at Jan. 4, 2012, 1:42 p.m.

12 +0

76 +0

26 +0

joy by cisco

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.

created at Jan. 8, 2016, 8:30 p.m.

112 -1

1,308 +0

329 +0