Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioneers and researchers. Special value is set to simplicity, performance and scalability. It extends cisco netflow's functionality and supports analyists in processing ultra large packet dumps. It supports the drill down process to the very flow of interest, which can then be analysed in depth by tcpdump or wireshark. The program is implemented in C and built upon the libpcap library. Special versions will be also available for Endace DAG cards. In principle Tranalyzer provides functionality to analyze and generate key parameters and statistics from IP traces either being live-captured from ethernet interfaces or pcap files. The quantitiy of binary and text based output of Tranalyzer depends on enabled plugins. Hence, users have the possiblity to tailor the output according to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.
Tranalyzer's features include:

  • Optimized and efficient code for practitioneers in heavy duty environments by compile flags
  • Easy to build by "autogen.sh" scripts
  • Digests unlimited size of pcap files.
  • Correct and flexible aggregation of packets into six tupel flows even when several packet traces are present
  • Runtime loadable plugins
  • Easy to extend
  • Flexible aggregation of packets into flows for VLANs, IP, Port and protocol .
  • Open Source (GPL2).
  • Embedded Protocols such as L2TP, MPLS, PPP, etc
  • Specific output files for troubleshooting, security and forensic purposes
  • Export Modules: Text and binary format
  • Specific Reporting to assess dump quality
  • Universal post-processing via bash, perl, awk, how admins like it
  • Graphical support by SPSS, SAS, matlab, gnuplot, graphiz due to simple tab separated output format
  • GUI support here