This tool generates extended NetFlow-like flow statistics from large pcap files or Ethernet interfaces. It is intended as a tool for IT troubleshooting, encrypted-traffic mining and forensic analysis. A packet-based "tshark mode" for detailed header and content inspection is also available. Flow-based content extraction for unencrypted protocols such as HTTP, FTP, TFTP and DNS is new in version 0.6.8.
- Efficient executable, configured for a specific task at build time via autogen
- Digests pcap files of unlimited size, or live traffic from an interface
- Flexible aggregation of packets into six-tuple flows (VLAN, source and destination IP, source and destination port, and protocol)
- Decodes embedded telecom protocols such as L2TP, MPLS and PPP
- Dedicated output files for troubleshooting, security and forensic purposes
- Reporting to assess pcap quality
- Universal post-processing with bash, perl and awk, the way admins like it
- Graphing support via SPSS, SAS, MATLAB, gnuplot and Graphviz thanks to the simple tab-separated output format
- AWK post-processing scripts for admins and researchers
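The two ideas behind the feature list are six-tuple flow aggregation and post-processing of the tab-separated flow records. The following is an added example that is not code from the tool or its project: it keys constructed packets into bidirectional six-tuple flows with an inactivity timeout, writes them as tab-separated records, and then reads those records back to compute per-host byte totals, the kind of summary an awk one-liner would produce. The column names, the 60-second timeout and the sample packets are illustrative assumptions, not the tool's actual output layout or defaults.

```python
"""Six-tuple flow aggregation and TSV post-processing (added example, not the tool's code)."""
from dataclasses import dataclass

FLOW_TIMEOUT = 60.0  # assumed inactivity timeout in seconds; not the tool's real default


@dataclass
class Packet:
    ts: float      # capture timestamp in seconds
    vlan: int
    src: str
    dst: str
    sport: int
    dport: int
    proto: int     # IP protocol number (6 = TCP, 17 = UDP)
    length: int    # bytes on the wire


@dataclass
class Flow:
    key: tuple     # (vlan, ipA, ipB, portA, portB, proto), A/B ordered canonically
    first: float
    last: float
    pkts_ab: int = 0
    pkts_ba: int = 0
    bytes_ab: int = 0
    bytes_ba: int = 0


def flow_key(p: Packet):
    """Return a direction-insensitive six-tuple key and whether p travels A -> B.

    Endpoints are ordered lexicographically so both directions of a
    conversation map to the same key; the VLAN is part of the key, so the same
    conversation on two VLANs is two flows.
    """
    if (p.src, p.sport) <= (p.dst, p.dport):
        return (p.vlan, p.src, p.dst, p.sport, p.dport, p.proto), True
    return (p.vlan, p.dst, p.src, p.dport, p.sport, p.proto), False


def aggregate(packets, timeout=FLOW_TIMEOUT):
    """Aggregate packets into flows; a gap longer than `timeout` starts a new flow."""
    active, closed = {}, []
    for p in sorted(packets, key=lambda q: q.ts):
        key, forward = flow_key(p)
        f = active.get(key)
        if f is not None and p.ts - f.last > timeout:
            closed.append(active.pop(key))  # expire the stale flow
            f = None
        if f is None:
            f = active[key] = Flow(key, p.ts, p.ts)
        f.last = p.ts
        if forward:
            f.pkts_ab, f.bytes_ab = f.pkts_ab + 1, f.bytes_ab + p.length
        else:
            f.pkts_ba, f.bytes_ba = f.pkts_ba + 1, f.bytes_ba + p.length
    closed.extend(active.values())  # flush flows still open at end of input
    return sorted(closed, key=lambda f: f.first)


# Illustrative column names; the real tool's column layout differs.
COLUMNS = ("flowStart", "flowEnd", "vlan", "srcIP", "dstIP", "srcPort", "dstPort",
           "l4Proto", "numPktsAB", "numPktsBA", "numBytesAB", "numBytesBA")


def to_tsv(flows):
    """Serialise flows as a header line plus one tab-separated record per flow."""
    lines = ["\t".join(COLUMNS)]
    for f in flows:
        vlan, src, dst, sp, dp, pr = f.key
        row = (f"{f.first:.3f}", f"{f.last:.3f}", vlan, src, dst, sp, dp, pr,
               f.pkts_ab, f.pkts_ba, f.bytes_ab, f.bytes_ba)
        lines.append("\t".join(str(x) for x in row))
    return "\n".join(lines) + "\n"


def bytes_per_host(tsv: str):
    """Post-process the TSV: bytes sent by each host, descending (awk-style summary)."""
    header, *rows = tsv.strip("\n").split("\n")
    col = {name: i for i, name in enumerate(header.split("\t"))}
    totals = {}
    for row in rows:
        v = row.split("\t")
        totals[v[col["srcIP"]]] = totals.get(v[col["srcIP"]], 0) + int(v[col["numBytesAB"]])
        totals[v[col["dstIP"]]] = totals.get(v[col["dstIP"]], 0) + int(v[col["numBytesBA"]])
    return dict(sorted(totals.items(), key=lambda kv: -kv[1]))


# Constructed sample traffic: an HTTP exchange, a DNS lookup, the same HTTP
# 5-tuple on another VLAN, and a late HTTP packet that lands after the timeout.
SAMPLE_PACKETS = [
    Packet(0.000, 100, "10.0.0.5", "93.184.216.34", 51234, 80, 6, 60),
    Packet(0.020, 100, "93.184.216.34", "10.0.0.5", 80, 51234, 6, 60),
    Packet(0.050, 100, "10.0.0.5", "93.184.216.34", 51234, 80, 6, 500),
    Packet(0.100, 100, "93.184.216.34", "10.0.0.5", 80, 51234, 6, 1400),
    Packet(0.500, 200, "10.0.0.5", "93.184.216.34", 51234, 80, 6, 60),
    Packet(1.000, 100, "10.0.0.5", "10.0.0.53", 4321, 53, 17, 70),
    Packet(1.010, 100, "10.0.0.53", "10.0.0.5", 53, 4321, 17, 130),
    Packet(200.000, 100, "10.0.0.5", "93.184.216.34", 51234, 80, 6, 60),
]

if __name__ == "__main__":
    tsv = to_tsv(aggregate(SAMPLE_PACKETS))
    print(tsv, end="")
    for host, total in bytes_per_host(tsv).items():
        print(f"{host}\t{total}")
```

Running the script yields four flows: the HTTP conversation on VLAN 100, its copy on VLAN 200, the DNS exchange, and a second VLAN-100 HTTP flow for the packet that arrived after the timeout. The per-host summary reads the records purely by column name, which is the same discipline an awk or perl script should follow so it survives column reordering between versions.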