Tranalyzer Background
Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioners and researchers. Special value is placed on simplicity, performance and scalability. It extends Cisco NetFlow's functionality and supports analysts in processing ultra-large packet dumps. It supports the drill-down process to the very flow of interest, which can then be analysed in depth by tcpdump, Wireshark or by its inbuilt text-based packet mode. The program is implemented in C and built upon the libpcap library. Special versions will also be available for Endace DAG cards. In principle, Tranalyzer provides functionality to analyze and generate key parameters and statistics from IP traces, either live-captured from Ethernet interfaces or read from pcap files. The quantity of binary and text-based output Tranalyzer produces depends on the enabled plugins; hence users have the possibility to tailor the output to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.
Tranalyzer's features include:

  • Optimized and efficient code for practitioners in heavy-duty environments, tuned via compile flags
  • Easy to build by "" scripts
  • Digests pcap files of unlimited size
  • Flexible aggregation of packets into 0- to 10-tuple flows, even when several packet traces are present
  • Flow x-link, e.g. ICMP with the originating flow or FTP control with data, etc.
  • Runtime loadable plugins
  • Easy to extend
  • Flexible aggregation of packets into flows by VLAN, IP, port and protocol
  • Open Source (GPL2)
  • Protocol encapsulations such as L2TP, MPLS, PPP, SCTP, etc.
  • Specific output for troubleshooting, security and forensic purposes
  • Export modules: text, JSON and binary format
  • Specific reporting to assess pcap quality and anomalies
  • Universal post-processing via bash, perl, awk, the way admins like it
  • Graphical support by SPSS, SAS, MATLAB, gnuplot, Graphviz
  • Monitoring support: reports into RRDtool
  • Forensics support: content and pcap extraction
  • Packet support: easy to post-process
  • Content extraction support
  • GUI support
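To make the two central ideas of the description concrete, the aggregation of packets into N-tuple flows and the cross-linking (x-link) of a flow with its opposite direction, here is a small flow generator written for this page as an added example. It is not Tranalyzer's own code and does not use its output format; it aggregates constructed packet records on a 5-tuple (source IP, destination IP, protocol, source port, destination port), closes a flow after an idle timeout, pairs each flow with the open reverse-direction flow it belongs to, and renders the result as tab-separated text of the kind that is convenient to post-process with awk. The packet records, the 60-second idle timeout and the column names are all assumptions made here.

```python
"""Minimal 5-tuple flow aggregator with reverse-flow x-link and text export.

Added illustration only; not Tranalyzer code.  Input packets are constructed
tuples: (timestamp_s, src_ip, dst_ip, ip_proto, src_port, dst_port, length).
"""

# Constructed sample capture: a short TLS exchange, a DNS query/answer and,
# well after the idle timeout, one more packet on the TLS 5-tuple.
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "93.184.216.34", 6, 51000, 443, 74),
    (0.02, "93.184.216.34", "10.0.0.5", 6, 443, 51000, 74),
    (0.03, "10.0.0.5", "93.184.216.34", 6, 51000, 443, 66),
    (0.10, "10.0.0.5", "8.8.8.8", 17, 40000, 53, 78),
    (0.12, "8.8.8.8", "10.0.0.5", 17, 53, 40000, 140),
    (70.00, "10.0.0.5", "93.184.216.34", 6, 51000, 443, 1500),
]

IDLE_TIMEOUT = 60.0  # assumed idle timeout in seconds; a flow with no packet for longer is closed


def flow_key(pkt):
    """5-tuple that identifies one direction of a conversation."""
    _, src, dst, proto, sport, dport, _ = pkt
    return (src, dst, proto, sport, dport)


def reverse_key(key):
    """Same 5-tuple seen from the other side (the opposite flow)."""
    src, dst, proto, sport, dport = key
    return (dst, src, proto, dport, sport)


def aggregate(packets, idle_timeout=IDLE_TIMEOUT):
    """Aggregate packets into unidirectional 5-tuple flows.

    Returns the flows in order of their first packet.  Each flow dict carries
    its own index and, when the opposite direction was open at the time the
    flow started, the index of that opposite flow under "rev" (the x-link).
    """
    active = {}  # 5-tuple -> currently open flow
    flows = []
    for pkt in sorted(packets, key=lambda p: p[0]):
        ts, src, dst, proto, sport, dport, length = pkt
        key = flow_key(pkt)
        flow = active.get(key)
        if flow is not None and ts - flow["last"] > idle_timeout:
            # Idle expiry: the old flow is closed and this packet starts a new one.
            del active[key]
            flow = None
        if flow is None:
            flow = {"idx": len(flows), "src": src, "dst": dst, "proto": proto,
                    "sport": sport, "dport": dport, "first": ts, "last": ts,
                    "pkts": 0, "bytes": 0, "rev": None}
            flows.append(flow)
            active[key] = flow
            # x-link: pair with the reverse-direction flow if one is open and not yet paired.
            rev = active.get(reverse_key(key))
            if rev is not None and rev["rev"] is None and ts - rev["last"] <= idle_timeout:
                flow["rev"] = rev["idx"]
                rev["rev"] = flow["idx"]
        flow["last"] = ts
        flow["pkts"] += 1
        flow["bytes"] += length
    return flows


COLUMNS = ("flowIdx", "revIdx", "srcIP", "dstIP", "proto", "srcPort", "dstPort",
           "first", "last", "numPkts", "numBytes")


def render_tsv(flows):
    """Tab-separated text export with a header line; column names are assumed here."""
    lines = ["\t".join(COLUMNS)]
    for f in flows:
        rev = "" if f["rev"] is None else str(f["rev"])
        lines.append("\t".join(str(v) for v in (
            f["idx"], rev, f["src"], f["dst"], f["proto"], f["sport"], f["dport"],
            f"{f['first']:.2f}", f"{f['last']:.2f}", f["pkts"], f["bytes"])))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_tsv(aggregate(SAMPLE_PACKETS)))
```

On the sample capture this yields five flows: the two TLS directions linked to each other, the two DNS directions linked to each other, and a fifth, unlinked flow for the packet that arrives after the idle timeout, since by then both earlier TLS flows have expired. Piping the printed table through `awk -F'\t' '$11 > 1000'` is the kind of one-line post-processing the feature list refers to.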