Top 5 network traffic monitoring tools
In research on Internet user behavior analysis and anomaly detection, protocol identification and feature extraction are the main technical means of analyzing network traffic characteristics. This article introduces several commonly used network traffic feature extraction tools.
Wireshark
Wireshark is a widely used network packet analyzer. It can capture many kinds of network packets and display their contents in detail, and it can also analyze previously captured data, such as packet captures produced by tcpdump, WinDump, Wireshark itself and other collection tools. Wireshark offers a rich set of filter rules for packet filtering, and its analysis functions let users extract a wide range of network data characteristics.
Tcptrace
Tcptrace is a tool for analyzing TCP traffic data files. Its input is the output of a variety of packet capture programs, such as tcpdump, snoop, etherpeek, HP NetMetrix and WinDump. Tcptrace reports a variety of information about each connection, including duration, byte counts, segments sent and received, retransmissions and round-trip time, and it can also produce many graphs for the user's subsequent analysis.
Tstat
Tstat was developed further on the basis of Tcptrace and can collect packet data online on ordinary PC hardware or on a dedicated capture card. In addition, Tstat can analyze existing packet captures and supports a variety of dump formats, such as those supported by the libpcap library. Its bidirectional TCP flow analysis yields new statistical features, such as congestion window size and out-of-order segments; this information distinguishes the server side from the client side and also distinguishes intranet hosts from external hosts.
Download: http://tstat.tlc.polito.it/
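The per-connection features that the Tcptrace and Tstat sections describe (client/server side, duration, bytes per direction, retransmissions, out-of-order segments, intranet vs. external host) can be computed with a small flow tracker. The following is an added example, not code from either project: it works on constructed packet records standing in for a parsed pcap, and its retransmission/reordering heuristics (a repeated sequence number means retransmission, a sequence number ahead of the expected one means reordering) are a deliberate simplification of what the tools do.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Pkt:
    ts: float; src: str; sport: int; dst: str; dport: int; seq: int; payload: int; syn: bool = False

@dataclass
class Flow:
    client: str; server: str     # client = side that sent the first segment (the SYN)
    first: float; last: float    # timestamps of the first and last segment
    bytes_c2s: int = 0; bytes_s2c: int = 0   # payload bytes on the wire, retransmissions included
    retrans: int = 0        # data segment whose seq was already seen in its direction
    out_of_order: int = 0   # segment arriving ahead of the next expected seq
    _exp: dict = field(default_factory=dict)   # direction -> next expected seq
    _seen: dict = field(default_factory=dict)  # direction -> seqs seen so far

def host_class(ip):
    # Intranet/extranet split: RFC 1918 and other special-use ranges count as internal
    return "internal" if ipaddress.ip_address(ip).is_private else "external"

def extract_flows(pkts):
    flows = {}
    for p in sorted(pkts, key=lambda p: p.ts):
        key = frozenset([(p.src, p.sport), (p.dst, p.dport)])  # same key in both directions
        f = flows.setdefault(key, Flow(p.src, p.dst, p.ts, p.ts))
        f.last = p.ts
        d = "c2s" if p.src == f.client else "s2c"
        if d == "c2s": f.bytes_c2s += p.payload
        else: f.bytes_s2c += p.payload
        seen, exp = f._seen.setdefault(d, set()), f._exp.get(d)
        if p.payload and p.seq in seen:
            f.retrans += 1
        elif exp is not None and p.seq > exp:
            f.out_of_order += 1
        seen.add(p.seq)
        end = p.seq + p.payload + int(p.syn)
        f._exp[d] = end if exp is None else max(exp, end)
    return list(flows.values())

# Constructed sample: one connection with a retransmitted client segment and a reordered server pair.
C, S = "192.168.1.10", "93.184.216.34"
SAMPLE = [
    Pkt(0.000, C, 51000, S, 80, 1000, 0, syn=True), Pkt(0.010, S, 80, C, 51000, 5000, 0, syn=True),
    Pkt(0.020, C, 51000, S, 80, 1001, 100), Pkt(0.030, C, 51000, S, 80, 1101, 100),
    Pkt(0.250, C, 51000, S, 80, 1101, 100),  # retransmission of the previous segment
    Pkt(0.300, S, 80, C, 51000, 5001, 300), Pkt(0.305, S, 80, C, 51000, 5601, 300),
    Pkt(0.310, S, 80, C, 51000, 5301, 300),  # should have preceded the 5601 segment
    Pkt(0.400, C, 51000, S, 80, 1201, 50),
]
```

Running `extract_flows(SAMPLE)` yields one flow with 350 client bytes, 900 server bytes, one retransmission and one out-of-order segment, with the client classified as internal and the server as external.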
CapAnalysis
CapAnalysis is an effective network traffic analysis tool for information security specialists, system administrators and anyone else who needs to analyze large volumes of captured network traffic. CapAnalysis indexes the data set of a PCAP file and presents its contents in a variety of forms, from a list of TCP, UDP or ESP flows to a geographic map of the connections. It can be deployed on Debian 32/64-bit and Ubuntu 32/64-bit systems.
Xplico
Xplico's goal is to extract the information carried in the application data of captured Internet traffic. A decoding controller, an IP/network decoder, a reassembly stage and a visualization system together form the complete Xplico system. It supports HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6 and other protocols.