The Anteater

Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioners and researchers. Particular emphasis is placed on simplicity, performance and scalability. It extends Cisco NetFlow's functionality and supports analysts in processing very large packet dumps. It supports the drill-down process to the very flow, or even packet, of interest and can quickly produce a reduced pcap, which can then be analysed in depth with its own text-based packet mode or simply loaded into tcpdump or Wireshark.

The program is open source, implemented in C and built upon the libpcap library. Tranalyzer provides functionality to analyze and generate key parameters and statistics from IP traces, either captured live from Ethernet interfaces or read from pcap files. The amount of binary and text-based output Tranalyzer produces depends on the enabled plugins, so users can tailor the output to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.

Performance

Designed for heavy-duty tasks such as real-time capture from an interface or unlimited pcap file input

Open Source

Licensed under the GNU GPL

Extendable

Flexible plugin architecture

Features

Aggregation

Flexible aggregation of packets into 0- to 10-tuple flows with flow cross-linking, e.g., ICMP with the originating flow, or FTP control with its data flow

Encapsulations

Protocol encapsulations such as VLAN, L2TP, MPLS, PPP, GRE, GTP, ERSPAN, VXLAN, AYIYA, CAPWAP, Teredo, PIM, SCTP, etc.

Output options

Dedicated output for troubleshooting, security and forensic purposes: text, JSON and binary formats; PostgreSQL, MongoDB and SQLite; NetFlow 9/10.

Reporting

Dedicated reporting to assess pcap quality and anomalies

Easy post-processing

Post-processing via Bash, Perl, Python, Awk, Tawk and similar tools, the way admins like it!

Monitoring

Reports into standard tools such as RRD or Splunk

Forensics

Packet mode, pcap reduction and data carving for HTTP, SMB, SMTP, POP, (T)FTP, VoIP, IRC, Telnet, etc.

Accessible

Graphical support via t2plot, Gnuplot, Graphviz, Matlab, SPSS, SAS, etc.; GUI development framework
