The Anteater

Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioners and researchers. Special value is set to simplicity, performance and scalability. It extends Cisco NetFlow's functionality and supports analysts in processing ultra large packet dumps. It supports the drill down process to the very flow or even packet of interest and is able to quickly produce a reduced pcap, which can then be analyzed in depth by its very own text based packet mode or simply loaded in tcpdump or Wireshark.

The program is open-source, implemented in C and built upon the libpcap library. Tranalyzer provides functionality to analyze and generate key parameters and statistics from network traces either being live-captured from Ethernet interfaces or pcap files. The quantity of binary and text based output of Tranalyzer depends on enabled plugins. Hence, users have the possibility to tailor the output according to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.


Designed for heavy duty tasks


Licensed under the GNU GPL


Flexible plugin-based architecture



Flexible aggregation of packets into 0 to 10 tuple flows with flow cross-link, e.g., ICMP with the originating flow or FTP control with data.


Geolocation and whois based IP address labeling and aggregation. Support tools: t2whois, t2netID, t2locate and MaxMind DB plugin.

Mining & AI support

For traffic mining, the preprocessing and proper mathematical transformation to find invariances represent about 90-95% of the work to produce a robust classifier which performs well in practice.


Protocol Encapsulations such as VLAN, L2TP, MPLS, PPP, GRE, GTP, ERSPAN, VXLAN, AYIYA, CAPWAP, Teredo, PIM, SCTP, etc.

Output options

Text, JSON and binary format. Reports into multiple databases: PostgreSQL, MongoDB, SQLite, MariaDB/MySQL and ClickHouse. Reports also into standard NetFlow 9/10 tools.


Assess pcap quality and detect anomalies. Generate summary reports of PCAP files (endpoints / protocol statistics, anomalies, ...). Specific reporting for troubleshooting, security and forensic purposes.

Easy post-processing

Via Tawk, Awk, Python, Bash, Perl, ... how admins like it!


Reports into standard tools such as RRDtool or Splunk

Data carving
Routing & switching

Support for several routing and switching protocols such as: BGP, OSPF, CDP, LLDP, STP, VRRP, etc.

Network management

Support for several network management protocols such as: RADIUS, VTP, NTP, DHCP, LDAP, etc.

Pcap generation

For performance tests often statistically correct upscaling of pcaps acquired at lower speeds is required. pcapd solves that problem for you.

Tranalyzer Anteater