Features

Aggregation

Flexible aggregation of packets into 0- to 10-tuple flows, with flow cross-linking, e.g. an ICMP message with the flow that triggered it, or an FTP control connection with its data connection.

Encapsulations

Protocol Encapsulations such as VLAN, L2TP, MPLS, PPP, GRE, GTP, ERSPAN, VXLAN, AYIYA, CAPWAP, Teredo, PIM, SCTP, etc

Output options

Specific output for troubleshooting, security and forensic purposes: text, JSON and binary formats; PostgreSQL, MongoDB and SQLite; NetFlow 9 and 10.

Reporting

Specific Reporting to assess pcap quality and anomalies

Easy post-processing

Via Bash, Perl, Python or Awk, the way admins like it.

Monitoring

Reports into standard tools such as RRD or Splunk.

Forensics

Packet mode and data carving: HTTP, SMB, SMTP, (T)FTP, VoIP, etc.

Accessible

Graphical support by SPSS, SAS, Matlab, Gnuplot, Graphviz

GUI Development Framework

The Anteater

Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioners and researchers. Special emphasis is placed on simplicity, performance and scalability. It extends Cisco NetFlow's functionality and supports analysts in processing very large packet dumps. It supports the drill-down process to the very flow of interest, which can then be analysed in depth by tcpdump, Wireshark or by its own text-based packet mode. The program is implemented in C and built upon the libpcap library. Tranalyzer provides functionality to analyze and generate key parameters and statistics from IP traces, either captured live from Ethernet interfaces or read from pcap files. The quantity of binary and text-based output of Tranalyzer depends on the enabled plugins, so users can tailor the output to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.

Performance

Designed for heavy-duty tasks such as real-time interface capture or unlimited pcap file input.

Open Source

Open Source (GPL2)

Extendable

Flexible plugin architecture