Open Source Windows Packet Sniffers
Sort By:
Packet Sniffers for Windows
View 10 business solutionsBrowse free open source Packet Sniffers and projects for Windows below. Use the toggles on the left to filter open source Packet Sniffers by OS, license, language, programming language, and project status.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
1
Divert
WinDivert: Windows Packet Divert
Windows Packet Divert (WinDivert) is a user-mode packet interception library for Windows 7, Windows 8 and Windows 10. WinDivert can be used to implement user-mode packet filters, sniffers, firewalls, NATs, VPNs, IDSs, tunneling applications, etc. -
2
NetStalker
A network tool to control the bandwidth over your local network
A network tool to control the bandwidth over your local network, it can block internet access from any selected device, or limit its speed using packet redirection, in addition, it can log web activity for the targeted device using a built-in packet sniffer. Bandwidth limitation for better distribution of internet speed across devices, both upload and download speeds can be controlled for each device separately. A Packet Sniffer that is intended to log addresses that each device on the network visits with the ability to decode Http headers for HTTP packets and resolve domains for HTTPS packets, also the packet direction can be chosen in order to capture requests only or requests and responses. -
3
Sniffnet
Application to comfortably monitor your Internet traffic
Application to comfortably monitor your Internet traffic. Multithreaded, cross-platform, and reliable. Sniffnet is completely free, open-source software which needs lots of effort and time to develop and maintain. Save complete textual reports with detailed information for each network connections. Get details about domain names and network providers of the hosts you are exchanging traffic with. -
4
NetworkMiner packet analyzer
The Network Forensics Tool
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic. New versions of NetworkMiner are released exclusively on www.netresec.com since version 2.0 of NetworkMiner. This page on SourceForge is only kept to provide hosting of older versions of the software. To get the latest version of NetworkMiner, please visit: http://www.netresec.com/?page=NetworkMiner -
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
5
Arkime
A full packet capturing, indexing, and database system
Arkime is an open source, large-scale, full packet capturing, indexing, and database system designed to augment existing security infrastructure by storing and indexing network traffic in standard PCAP format. It offers full network visibility, facilitating the swift identification and resolution of security and network issues. Security teams gain access to the necessary network visibility data essential for responding to and investigating incidents to expose the full attack scope. Designed to be deployed across multiple clustered systems, Arkime provides the ability to scale to hundreds of gigabits per second. It allows security analysts to respond, reconstruct, investigate, and confirm information about the threats within your network, enabling appropriate responses quickly and precisely. As an open-source platform, Arkime provides users with the benefits of transparency, cost-effectiveness, flexibility, and community support. -
6
Scapy
Scapy is a Python-based interactive packet manipulation program
Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, wireshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, ...), etc. Scapy supports Python 2.7 and Python 3 (3.4 to 3.7). It's intended to be cross platform, and runs on many different platforms (Linux, OSX, *BSD, and Window -
7
BTLE
Bluetooth Low Energy (BLE) packet sniffer and transmitter
BTLE is a free and open-source Software Defined Radio Bluetooth Low Energy (BLE) software suite. BLE sniffer. Besides sniff broadcasting/fixed channels, it can also track channel hopping of a communication link. Universal BLE packet transmitter. Besides BLE standard, it supports also raw bit mode to generate arbitrary GFSK packets. In this way, you can test non-standard protocols or standards under discussion before chipping in the market. -
8
Netgraph
A cross platform http sniffer with a web UI
Netgraph is a packet sniffer tool that captures all HTTP requests/responses, and displays them in a web page. You can run Netgraph in your Linux server without a desktop environment installed, and monitor HTTP requests/responses in your laptop's browser. -
9
PacketStreamer
Distributed tcpdump for cloud native environments
Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. PacketStreamer sensors are started on the target servers. Sensors capture traffic, apply filters, and then stream the traffic to a central receiver. Traffic streams may be compressed and/or encrypted using TLS. The PacketStreamer receiver accepts PacketStreamer streams from multiple remote sensors and writes the packets to a local pcap capture file. PacketStreamer sensors collect raw network packets on remote hosts. It selects packets to capture using a BPF filter, and forwards them to a central receiver process where they are written in pcap format. Sensors are very lightweight and impose little performance impact on the remote hosts. PacketStreamer sensors can be run on bare-metal servers, on Docker hosts, and on Kubernetes nodes. -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
10
xdp
Package xdp allows one to use XDP sockets
Package github /asavie/xdp allows one to use XDP sockets from the Go programming language. With the default UDP payload size of 1400 bytes, running on Linux kernel 5.1.20, on a tg3 (so no native XDP support) gigabit NIC, sendudp does around 980 Mb/s, so practically line rate. TL;DR: in the same environment, sending a pre-generated DNS query using an ordinary UDP socket yield around 30 MiB/s whereas sending it using the senddnsqueries example program yields around 77 MiB/s. Connecting a PC with Intel Core i7-7700 CPU running Linux kernel 5.0.17 and igb driver to a laptop with Intel Core i7-5600U CPU running Linux kernel 5.0.9 with e1000e with a cat 5E gigabit ethernet cable. -
11
Shadow Network Fingerprinting Engine
SNF is a 100% offline, air-gap passive network intelligence engine
# SNF — Shadow Network Fingerprinting Engine 100% offline. Air-gap-native. Written entirely in Rust. SNF captures raw packets, reconstructs TCP/UDP flows, and runs them through 14 deterministic protocol analyzers. It detects C2 beacons, DGA domains, DNS tunnels, lateral movement, data exfiltration, and full ICS/SCADA protocol abuse across Modbus, S7comm, EtherNet/IP, PROFINET, and DNP3. Every run produces structured NDJSON with a determinism guarantee — same PCAP, same config, same version, SHA-256 identical output every time. Court-admissible evidence bundles built in. **Zero network calls. Ever. Not a setting. Architecture.** ## Validated Results - Emotet epoch 3 PCAP — 23 IOC hits, 52 threat matches - MAWI backbone — 14.9M packets, zero crashes, 332K graph nodes - nmap standard scan — 1,971 scan events detected ## Links - Website: https://shadownf.com - GitHub (open core): https://github.com/padigeltejas/snf-core -
12
Packetyzer is a network protocol analyzer for Windows, also know as a packet sniffer. It is based on the Ethereal project, but provides a native Windows GUI. Packetyzer can capture from virtually any network adapter and supports many advanced features.
-
13
Monitor of Death is a simple network monitor. It will show all IP addresses connected to an IP address. It will show ports and MAC addresses. It will also display packets in hexadecimal, if that is useful to you. *Linux version must be run as Root.
-
14
-
15
An IP Based decentralised Call recorder in Java Main Components: Packet Sniffer (included offline tcpdump file andalyzer) , SIP/RTP Analyzer (separates SIP and RTP packets from the stream , Network Mapper (Draws a diagram of the nodes)
-
16
L2Acc is a packet sniffer for Lineage 2 (C4) game that uses WinPCap. It tracks the private shop prices and provides market evolution, scans the inventory and calculates its value, recipe budgets, allows recipe search and price estimation.
-
17
Packet Sniffer
Sniffs Packet on lan
This project uses JPcap library. By using it you can view Packet level information about ongoing traffic on your network. For windows7 you need to run the Jar file as Admin. -
18
A Java based network analyzer and packet sniffer - much like Ethereal. It is an Eclipse plugin that enables Java programmers capture and analyze network packets all within the comfort of their familiar environment.
-
19
Python 3 Network Packet Sniffer
A Network Packet Sniffing tool developed in Python 3
A Network Packet Sniffer developed in Python 3. Packets are disassembled as they arrive at a given network interface controller and their information is displayed on the screen. This application depends exclusively on the NETProtocols library (also developed and maintained by EONRaider) from version 2.0.0 and above and can be run by any Python 3.8+ interpreter. -
20
SNIF
network packet sniffer
S.N.I.F : Seek Network Interface Frames is a network packet sniffer written by Damien MATTEI (Nice - FRANCE). Features: display the Ethernet card brand name of each grabbed frame, decodes data of network layers in different color, search for bytes . -
21
Skydive
An open source real-time network topology and protocols analyzer
Skydive is an open source real-time network topology and protocols analyzer providing a comprehensive way of understanding what is happening in your network infrastructure. Captures network topology, interface, bridge, and namespace attributes and keeps the history of all the modifications. Distributed probe, L2-L4 classifier, GRE, VXLAN, GENEVE, MPLS/GRE, MPLS/UDP tunneling support. Ability to follow a flow along a path in the topology. Support for external SDN Controllers or container-based infrastructure, OpenStack, OpenContrail, Docker. Supports extensions through API. Distributed, scalable, easy to deploy, only one static binary. -
22
Skynet is a network packet sniffer specialized for grabbing files downloaded by other users of satellite-ISP using DVB-card.
-
23
Sniffer4J
A java packet sniffer and forger that wraps pcap libs.
Sniffer4J is a java packet capture and manipulation tool that allows full analysis of a network. It is built upon pcap libs (winpcap, and libpcap) and can run in Windows and most Linux flavors. The current stable version (2.0) provides shared libraries (.dll and .SO) compiled and tested for both x86 and x64 architectures. Sniffer4J work’s by parsing packets in a comprehensive Pdu format. Each Pdu encapsulates the next one, making easy to navigate through the Frame. Frames can be forged in the same manner allowing them to be injected in the network. Sniffer4J support several protocols including: * Ethernet I & II (including LLC and SNAP frames) * Vlan (802.1Q) * Arp * Ipv4, Ipv6, (including options) * Next Header for IpV6 * Ipsec * TCP (including options) * Udp * Icmp (including RFC 2461 and Ipv6) * Lldp * Ipx And more to come… Remember: If you don’t test your network, some else will… Bernardo -
24
WinDivertSharp
A minimal .NET binding over WinDivert
A minimal .NET binding over WinDivert. Available on Nuget. -
25
YAPS can account for IP traffic on a \'Per-IP\' basis, using the pcap library. It can handle hundreds of megabits of traffic easily, and can generate hourly/daily reports (text, or csv) using a simple report utility.
