Foremost is a console program to recover files based on their headers, footers, and internal data structures. c.f., http://foremost.sourceforge.net/
created at Jan. 10, 2013, 9:08 p.m.
Yara is awesome, but sometimes you need to manipulate the data streams you're scanning in different ways.
created at Jan. 10, 2013, 6:49 p.m.
A simple utility to classify packets into flows. It's so simple that only one task is aimed to finish. For Deep Packet Inspection or flow classification, it's so common to analyze the feature of one specific flow. I have make the attempt to use made-ready tools like tcpflows, tcpslice, tcpsplit, but all these tools try to either decrease the trace volume (under requirement) or resemble the packets into flow payloads (over requirement). I have not found a simple tool to classify the packets into flows without further processing. This is why this program is born.
created at Dec. 20, 2012, 1:17 p.m.
A multi-threading tool to sniff TCP flow statistics and embedded HTTP headers from PCAP file. Each TCP flow carrying HTTP is exported to text file in json format.
created at Dec. 1, 2012, 9:58 a.m.
A wrapper/facade/whatever to enable/ease the use of jNetPcap (a libpcap based packet sniffing lib) in Clojure
created at Nov. 13, 2012, 8:13 p.m.
A high level C++ network packet sniffing and crafting library.
created at Oct. 29, 2012, 2:24 a.m.
Hadoop library to read packet capture (PCAP) files
created at Oct. 2, 2011, 12:59 p.m.