Tranalyzer Background
Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioners and researchers. Special emphasis is placed on simplicity, performance and scalability. It extends the functionality of Cisco NetFlow and supports analysts in processing ultra-large packet dumps. It supports the drill-down process to the very flow of interest, which can then be analyzed in depth with tcpdump, Wireshark or its own text-based packet mode. The program is implemented in C and built upon the libpcap library. Tranalyzer provides functionality to analyze and generate key parameters and statistics from IP traces, either captured live from Ethernet interfaces or read from pcap files. The quantity of binary and text-based output depends on the enabled plugins, so users can tailor the output to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.

  • Designed for heavy duty tasks such as real-time interface or unlimited pcap file input
  • Open Source (GPL2). Download newest version here.
  • Optimized and efficient code
  • Easy to build and extend
  • Runtime loadable plugins

  • Flexible aggregation of packets into 0 - 10 tuple flows
  • Flow cross-linking, e.g. ICMP with the originating flow or FTP control with data, etc.
  • Protocol Encapsulations such as L2TP, MPLS, PPP, GRE, GTP, ERSPAN, VXLAN, AYIYA, CAPWAP, Teredo, PIM, SCTP, etc
  • Specific output for troubleshooting, security and forensic purposes: text, JSON and binary formats
  • Specific Reporting to assess pcap quality and anomalies
  • Easy post-processing via Bash, Perl, Python, Awk, the way admins like it
  • Monitoring support, reports into standard tools such as RRD or Splunk
  • Forensics support: packet mode, data carving: HTTP, SMB, SMTP, (T)FTP, VoIP, etc.
  • Password and NetNTLM hash extraction
  • Pcap indexing for automated extraction

  • Graphical support by SPSS, SAS, Matlab, Gnuplot, Graphviz
  • GUI Development Framework: Download newest version here