<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
Created by : Luis MartinGarcia <http://www.aldabaknocking.com>
Original design : "Collaboration" by Free CSS Templates <http://www.freecsstemplates.org>
Original license : Creative Commons Attribution 2.5 License
-->
<html>
<!-- HEAD -->
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Related Projects | TCPDUMP/LIBPCAP public repository</title>
<meta name="keywords" content="tcpdump, libpcap, pcap, packet capture, sniffer, security, eavesdrop">
<meta name="description" content="Web site of Tcpdump and Libpcap">
<link href="style.css" rel="stylesheet" type="text/css" media="screen">
<link rel="canonical" href="https://www.tcpdump.org">
</head>
<!-- END OF HTML HEAD -->
<!-- BODY -->
<body>
<!-- TOP MENU -->
<div id="menu">
<ul>
<li><a href="index.html">Home</a></li>
<li><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="linktypes.html">Link-Layer Header Types</a></li>
<li class="current_page_item"><a href="related.html">Related Projects</a></li>
<li><a href="license.html">Licenses</a></li>
<li><a href="old_releases.html">Old Releases</a></li>
<li><a href="mirrors.html">Mirrors</a></li>
</ul>
</div>
<!-- END OF TOP MENU -->
<!-- PAGE HEADER -->
<div id="splash">
<br><img src="images/logo.png" alt="">
</div>
<div id="logo">
<hr>
</div>
<!-- END OF PAGE HEADER -->
<!-- PAGE CONTENTS -->
<div id="page">
<!-- RIGHT HAND SIDE PAGE CONTENTS -->
<div id="content">
<!-- Start of RELATED PROJECTS section -->
<div class="post">
<h2 class="title">
<a name="intro">Related Projects</a>
</h2>
<div class="entry">
<p>
This page lists a few projects that are related
to tcpdump or libpcap in some way. The list is not
very complete. If you think your project should be
added to this list, please subscribe to the
tcpdump-workers mailing list and send a request.
Requests must have the following subject "[Web]
Request for new related project" and must contain
the name of the project, a brief description
(between 200 and 500 characters), a link to the
project page and the name of the person that sends
the request.
</p>
</div>
</div>
<!-- End of RELATED PROJECTS section -->
<!-- Start of PROJECT LIST section -->
<div class="post">
<h2 class="title">
<a name="project-list">Project List</a>
</h2>
<div class="entry">
<dl>
<dt><strong><a href="https://bitbucket.org/nathanj/ecap/wiki/Home">ECap</a></strong></dt>
<dd>
<p>
Ecap (external capture) is a distributed network sniffer with a web front-end.
</p>
<p>
Ecap was written many years ago in 2005, but a post on the tcpdump-workers mailing list requested a similar application... so here it is.
</p>
<p>
It would be fun to update it and work on it again if there's any interest.
</p>
</dd>
<dt>
<strong><a href="https://www.netexpect.org/">Network Expect</a></strong>
</dt>
<dd>
Network Expect is a
framework that makes it easy to build tools that
can interact with network traffic. Following a
script, traffic can be injected into the network,
and decisions can be taken, and acted upon, based
on received network traffic. An interpreted
language provides branching and high-level
control structures to direct the interaction
with the network. Network Expect uses libpcap for
packet capture and libwireshark (from the
Wireshark project) for packet dissection tasks.
(GPL, BSD/Linux/OSX)
<br>
<strong>Submitted by: </strong>Eloy Paris
{peloy at chapus.net}<br><br>
</dd>
<dt>
<strong><a href="https://code.google.com/archive/p/socket-sentry">Socket Sentry</a></strong>
</dt>
<dd>
Socket Sentry is a real-time network traffic
monitor for KDE Plasma in the same spirit as
tools like iftop and netstat.
<br>
<strong>Submitted by: </strong>Rob Hasselbaum
{rob at hasselbaum.net}<br><br>
</dd>
<dt>
<strong><a href="https://sourceforge.net/projects/libnet-dev/">LibNet</a></strong>
</dt>
<dd>
Libnet is a collection of routines to help with the construction and
handling of network packets. It provides a portable framework for
low-level network packet shaping, handling and injection. Libnet
features portable packet creation interfaces at the IP layer and link
layer, as well as a host of supplementary and complementary
functionality. Using libnet, quick and simple packet assembly
applications can be whipped up with little effort.<br><br>
</dd>
<dt>
<strong><a href="https://sourceforge.net/projects/tcpreplay/">tcpreplay</a></strong>
</dt>
<dd>
Replays a pcap file on an interface using libnet.<br><br>
</dd>
<dt>
<strong><a href="https://www2.sonycsl.co.jp/person/kjc/kjc/software.html#ttt">TTT: Tele Traffic Tapper</a></strong>
</dt>
<dd>
TTT is yet another descendant of tcpdump but it is capable of
real-time, graphical, and remote traffic-monitoring. ttt won't
replace tcpdump, rather, it helps you find out what to look into
with tcpdump. ttt monitors the network and automatically picks up the
main contributors of the traffic within the time window. The graphs
are updated every second by default.<br><br>
</dd>
<dt>
<strong><a href="https://etherape.sourceforge.io/">EtherApe</a></strong>
</dt>
<dd>
EtherApe is a graphical network monitor for Unix modeled after
etherman. Featuring link layer, ip and TCP modes, it displays
network activity graphically. Hosts and links change in size
with traffic. Color coded protocols display. It supports
Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can
filter traffic to be shown, and can read traffic from a file as
well as live from the network.<br><br>
</dd>
<dt>
<strong><a href="https://github.com/the-tcpdump-group/tcpslice">TCPslice</a></strong>
</dt>
<dd>
TCPslice is a tool for extracting portions of packet
trace files generated using tcpdump's -w flag. It
can combine multiple trace files, and/or extract
portions of one or more traces based on time.
TCPslice originally comes from LBL and now is
maintained by tcpdump.org. We have not
made formal releases of it as yet, although
there have been some updates to it.<br><br>
</dd>
<dt>
<strong><a href="http://www.tcptrace.org">TCPTrace</a></strong>
</dt>
<dd>
TCPTrace analyzes the behavior of captured TCP streams, and accepts
many trace file formats (including pcap). It provides connection
statistics and several types of graphs, including the widely-used
time-sequence graphs.<br><br>
</dd>
<dt>
<strong><a href="https://github.com/simsong/tcpflow">tcpflow</a></strong>
</dt>
<dd>
tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores the data in a way that is convenient for
protocol analysis or debugging. A program like 'tcpdump' shows a
summary of packets seen on the wire, but usually doesn't store the data
that's actually being transmitted. In contrast, tcpflow reconstructs
the actual data streams and stores each flow in a separate file for
later analysis.<br><br>
</dd>
<dt>
<strong><a href="https://www.snort.org/">snort</a></strong>
</dt>
<dd>
Snort is an open source network intrusion prevention
and detection system (IDS/IPS) developed by Sourcefire.
Combining the benefits of signature, protocol and
anomaly-based inspection, Snort is the most widely
deployed IDS/IPS technology worldwide. With millions
of downloads and approximately 300,000 registered
users, Snort has become the de facto standard for
IPS. <br><br>
</dd>
<dt>
<strong><a href="https://scapy.net/">Scapy</a></strong>
</dt>
<dd>
Scapy is a powerful interactive packet manipulation program.
It is able to forge or decode packets
of a wide number of protocols, send
them on the wire, capture them, match
requests and replies, and much
more. It can easily handle most
classical tasks like scanning,
tracerouting, probing, unit tests,
attacks or network discovery (it can
replace hping, 85% of nmap, arpspoof,
arp-sk, arping, tcpdump, tethereal,
p0f, etc.). It also performs very well
at a lot of other specific tasks that
most other tools can't handle, like
sending invalid frames, injecting your
own 802.11 frames, combining techniques
(VLAN hopping+ARP cache poisoning,
VOIP decoding on WEP encrypted
channel, ...), etc.<br><br>
</dd>
<dt>
<strong><a href="https://zeek.org/">Zeek</a></strong>
</dt>
<dd>
Zeek (formerly Bro) is an open-source, Unix-based Network Intrusion
Detection System (NIDS) that passively monitors
network traffic and looks for suspicious activity.
Zeek detects intrusions by first parsing network
traffic to extract its application-level semantics
and then executing event-oriented analyzers that
compare the activity with patterns deemed
troublesome. Its analysis includes detection of
specific attacks (including those defined by
signatures, but also those defined in terms of
events) and unusual activities (e.g., certain
hosts connecting to certain services, or patterns
of failed connection attempts).<br><br>
</dd>
<dt>
<strong><a href="https://www.ntop.org/">Network Top</a></strong>
</dt>
<dd>
ntop is a network traffic probe that shows the
network usage, similar to what the popular top
Unix command does. ntop is based on libpcap and
it has been written in a portable way in order
to virtually run on every Unix platform and on
Win32 as well.<br><br>
</dd>
<dt>
<strong><a href="https://www.wireshark.org">Wireshark</a></strong>
</dt>
<dd>
A free network protocol analyzer for Unix and Windows. It allows
you to examine data from a live network or from a capture file on
disk. You can interactively browse the capture data, viewing summary
and detail information for each packet. Wireshark has several powerful
features, including a rich display filter language and the ability
to view the reconstructed stream of a TCP session.<br><br>
</dd>
<dt>
<strong><a href="https://www.caida.org/tools/measurement/coralreef/">CoralReef</a></strong>
</dt>
<dd>
CoralReef is a software suite developed by
<a href="https://www.caida.org/">CAIDA</a> to analyze data collected
by passive Internet traffic monitors. It provides a programming
library libcoral, similar to libpcap with extensions for ATM and
other network types, which is available from both C and Perl. The
software presently supports dedicated PC boxes using OC3mon and
OC12mon cards that collect traffic data in real time, as well as
reading from pcap tracefiles. Version 3.4 to be released soon
supports listening via bpf enabled devices. CoralReef includes
drivers, analysis, web report generation, examples, and capture
software. This package is maintained by CAIDA developers with the
support and collaboration of the Internet measurement community.<br><br>
</dd>
<dt>
<strong><a href="https://frenchfries.net/paul/tcpstat/">TCPstat</a></strong>
</dt>
<dd>
tcpstat reports certain network interface statistics much like vmstat
does for system statistics. tcpstat gets its information by either
monitoring a specific interface, or by reading previously saved tcpdump
data from a file.<br><br>
</dd>
<dt>
<strong><a href="http://netdude.sourceforge.net/">NetDude</a></strong>
</dt>
<dd>
netdude (NETwork DUmp data Displayer and Editor).
From their webpage, "it is a GUI-based tool that
allows you to make detailed changes to packets in
tcpdump tracefiles." <br><br>
</dd>
<dt>
<strong><a href="papers/bpf-usenix93.ps.Z">Usenix 93 paper on BPF</a></strong>
</dt>
<dd>
The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter. BPF is described in the 1993
Winter Usenix paper "The BSD Packet Filter: A New Architecture for
User-level Packet Capture".
<ul>
<li>
The original is at:
<a href="ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z">
ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z</a>
</li>
<li>
A copy is here:
<a href="papers/bpf-usenix93.ps.Z">compressed PostScript</a>
(144K),
<a href="papers/bpf-usenix93.ps.gz">gzip'ed PostScript</a>
(100K).
</li>
<li>
For the PostScript-impaired, here is some
<a href="papers/bpf-usenix93.pdf">PDF</a> (135K).
</li>
</ul>
</dd>
<dt>
<strong><a href="other/bpfext42.tar.Z">BPF for Ultrix</a></strong>
</dt>
<dd>
A distribution of BPF for Ultrix 4.2, with
both source code and binary modules.<br><br>
</dd>
<dt>
<strong><a href="papers/sigcomm99bpf+.ps.gz">
BPF+: Exploiting Global Data-flow Optimization in
a Generalized Packet Filter Architecture</a></strong>
</dt>
<dd>
By Andrew Begel, Steven McCanne, and Susan Graham, originally at:
<a href="http://www.cs.berkeley.edu/~abegel/sigcomm99/bpf+.ps">http://www.cs.berkeley.edu/~abegel/sigcomm99/bpf+.ps</a><br><br>
</dd>
<dt>
<strong><a href="https://pdos.csail.mit.edu/~engler/dpf.html">DPF</a></strong>
</dt>
<dd>
A paper presented at SIGCOMM '96 on an enhanced version of BPF.<br><br>
</dd>
<dt>
<strong><a href="wpcap.html">Win32 info</a></strong>
</dt>
<dd>
An extract of a message from Guy Harris on state of WinPcap and WinDump.<br><br>
</dd>
<dt>
<strong><a href="http://www.xplot.org/">Xplot</a></strong>
</dt>
<dd>
The program xplot was written in the late 1980s to support the analysis of TCP packet traces.<br><br>
</dd>
<dt>
<strong><a href="https://www.vanheusden.com/multitail/">Multitail</a></strong>
</dt>
<dd>
MultiTail now has a colorscheme included for monitoring the tcpdump
output. It can also filter, convert timestamps to timestrings and much
more.<br><br>
</dd>
<dt>
<strong><a href="http://netsniff-ng.org/">netsniff-ng</a></strong>
</dt>
<dd>
netsniff-ng is a free, performant Linux
network analyzer and networking toolkit.
<br> <strong>Submitted by: </strong>Daniel Borkmann<br><br>
</dd>
<dt>
<strong><a href="https://code.google.com/archive/p/libcrafter">libcrafter</a></strong>
</dt>
<dd>
Libcrafter is a high level library for
C++ designed to make creating and decoding
network packets easier. It is
able to craft or decode packets of most
common network protocols, send them on
the wire, capture them and match requests
and replies.
<br> <strong>Submitted by: </strong>Esteban Pellegrino<br><br>
</dd>
<dt>
<strong><a href="http://f00l.de/pcapfix/">pcapfix</a></strong>
</dt>
<dd>
pcapfix is a repair tool for corrupted pcap and pcapng files. It checks
for an intact pcap global header and packet block and repairs it if there
are any corrupted bytes. If a header is not present, one is created and
added to the beginning of the file. It then tries to find pcap packet
headers or packet blocks, and checks and repairs them.<br><br>
</dd>
<dt>
<strong><a href="https://github.com/six-ddc/httpflow">httpflow</a></strong>
</dt>
<dd>
Packet capture and analysis utility similar to tcpdump for HTTP.<br><br>
</dd>
<dt>
<strong><a href="https://pcapplusplus.github.io">PcapPlusPlus</a></strong>
</dt>
<dd>
A multiplatform C++ network sniffing, packet parsing and crafting framework.
It provides a lightweight, easy-to-use and efficient C++ wrapper for
libpcap and WinPcap.<br><br>
</dd>
<dt>
<strong><a href="https://termshark.io/">Termshark</a></strong>
</dt>
<dd>
A terminal UI for tshark, inspired by Wireshark.<br><br>
</dd>
<!--
<dt>
<strong><a href="">PROJECT</a></strong>
</dt>
<dd>
DESCRIPTION
<br> <strong>Submitted by: </strong>NAME<br><br>
</dd>
<dt>
<strong><a href="">PROJECT</a></strong>
</dt>
<dd>
DESCRIPTION
<br> <strong>Submitted by: </strong>NAME<br><br>
</dd>
-->
</dl>
</div>
</div>
<!-- End of PROJECT LIST section -->
</div>
<!-- RIGHT HAND SIDE PAGE CONTENTS -->
<!-- LEFT SIDEBAR -->
<div id="sidebar">
<ul>
<li>
<h2>Contents</h2>
<ul>
<li><a href="index.html#documentation">Documentation</a></li>
<li><a href="index.html#latest-releases">Latest Releases</a></li>
<li><a href="index.html#source">Current Development Version</a></li>
<li><a href="index.html#mailing-lists">Mailing List</a></li>
<li><a href="index.html#patches">Patches, Bug Reports and Feature Requests</a></li>
<li><a href="index.html#contribute">How to Contribute</a></li>
</ul>
</li>
</ul>
</div>
<!-- END OF LEFT SIDEBAR -->
</div>
<!-- END OF PAGE CONTENTS -->
<!-- FOOTER -->
<div id="footer">
<p>
© 2010-2021 The Tcpdump Group. Designed by
<a href="http://www.aldabaknocking.com/">Luis MartinGarcia</a>;
based on a template by <a href="https://templated.co/">TEMPLATED</a>.
<a href="https://validator.w3.org/check?uri=referer">[Valid HTML
4.01]</a> <a href="https://jigsaw.w3.org/css-validator/check/referer">
[Valid CSS]</a>
</p>
</div>
<!-- END OF FOOTER -->
</body>
<!-- END OF HTML BODY -->
</html>