Hello,
I am looking for an open-source / free tool that can parse a large number of pcap files and display the network traffic at a holistic, 30,000-foot level. As mentioned, I am collecting pcap files in 100MB chunks, totalling about 6GB.
Again this is not to collect the data just to interpret it.
I am platform agnostic so windows or linux will do.
I am currently looking at EtherApe, but need a few more to choose from. I really don't want to have to use Wireshark for such a large task.
Thanks for any opinions in advance!
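One way to get the kind of high-level view asked for above without loading every chunk into a GUI is a small script that walks each pcap file, decodes only the headers, and aggregates across all files. The block below is an added example, not a tool or code from anyone in this thread; it uses only the Python standard library, handles classic pcap (both byte orders, microsecond and nanosecond variants) over Ethernet, tolerates a file that was cut off mid-record, and builds a small constructed capture inline so it runs offline. The sample addresses, ports and frame contents are made up for the demonstration.

```python
import glob
import struct
import sys
from collections import Counter

LINKTYPE_ETHERNET = 1


def iter_records(data):
    """Yield (timestamp_seconds, frame_bytes) for every record in one pcap blob."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    # The magic is written in the writer's byte order; the value we read back tells
    # us the endianness and whether timestamps carry microseconds or nanoseconds.
    variants = {0xA1B2C3D4: ("<", 1e6), 0xD4C3B2A1: (">", 1e6),
                0xA1B23C4D: ("<", 1e9), 0x4D3CB2A1: (">", 1e9)}
    if magic not in variants:
        raise ValueError("not a pcap file (magic 0x%08x)" % magic)
    endian, frac_div = variants[magic]
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d (only Ethernet handled here)" % linktype)
    off = 24
    while off + 16 <= len(data):
        sec, frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:  # file ends mid-record (capture killed); keep what we have
            break
        off += incl_len
        yield sec + frac / frac_div, frame


def decode_frame(frame):
    """Extract protocol and endpoints from an Ethernet frame; unknown types are labelled, not dropped."""
    info = {"proto": "runt", "src": None, "dst": None, "sport": None, "dport": None}
    if len(frame) < 14:
        return info
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x0806:
        info["proto"] = "ARP"
        return info
    if ethertype != 0x0800 or len(frame) < 34 or frame[14] >> 4 != 4:
        info["proto"] = "other(0x%04x)" % ethertype
        return info
    ihl = (frame[14] & 0x0F) * 4
    proto_num = frame[23]
    info["src"] = ".".join(map(str, frame[26:30]))
    info["dst"] = ".".join(map(str, frame[30:34]))
    info["proto"] = {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto_num, "ip-proto-%d" % proto_num)
    if proto_num in (6, 17) and ihl >= 20 and len(frame) >= 14 + ihl + 4:
        info["sport"], info["dport"] = struct.unpack_from("!HH", frame, 14 + ihl)
    return info


def summarize(blobs):
    """Aggregate any number of pcap blobs (one per file) into a single high-level view."""
    s = {"packets": 0, "bytes": 0, "first": None, "last": None, "protocols": Counter(),
         "bytes_by_src": Counter(), "dst_ports": Counter(), "conversations": set()}
    for blob in blobs:
        for ts, frame in iter_records(blob):
            info = decode_frame(frame)
            s["packets"] += 1
            s["bytes"] += len(frame)
            s["first"] = ts if s["first"] is None else min(s["first"], ts)
            s["last"] = ts if s["last"] is None else max(s["last"], ts)
            s["protocols"][info["proto"]] += 1
            if info["src"]:
                s["bytes_by_src"][info["src"]] += len(frame)
            if info["dport"] is not None:
                s["dst_ports"][info["dport"]] += 1
                # Direction-independent key, so a request and its reply are one conversation.
                a, b = (info["src"], info["sport"]), (info["dst"], info["dport"])
                s["conversations"].add((info["proto"],) + tuple(sorted((a, b))))
    return s


def report(s):
    """Print the 30,000-foot view: totals, protocol mix, top talkers, top destination ports."""
    span = (s["last"] - s["first"]) if s["packets"] else 0.0
    print("packets=%d bytes=%d span=%.3fs conversations=%d"
          % (s["packets"], s["bytes"], span, len(s["conversations"])))
    print("protocols:", dict(s["protocols"].most_common()))
    print("top talkers (bytes sent):", s["bytes_by_src"].most_common(10))
    print("top destination ports:", s["dst_ports"].most_common(10))


# ---- constructed sample capture (not real traffic) ----------------------------
def _eth(ethertype, payload):
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ethertype) + payload

def _ipv4(src, dst, proto, payload):
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, ip(src), ip(dst)) + payload

def _tcp(sport, dport, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 65535, 0, 0) + payload

def _udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def build_sample_pcap():
    """A four-frame little-endian pcap: an HTTPS request/reply pair, one DNS query, one ARP frame."""
    frames = [
        (1.0, _eth(0x0800, _ipv4("10.0.0.5", "93.184.216.34", 6, _tcp(51000, 443, b"x" * 100)))),
        (1.5, _eth(0x0800, _ipv4("93.184.216.34", "10.0.0.5", 6, _tcp(443, 51000, b"y" * 1000)))),
        (2.0, _eth(0x0800, _ipv4("10.0.0.5", "10.0.0.1", 17, _udp(40000, 53, b"q" * 30)))),
        (2.2, _eth(0x0806, b"\x00" * 28)),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int(round((ts - sec) * 1e6)), len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    # Usage: python pcap_overview.py '/captures/*.pcap'  (no args: run on the built-in sample)
    paths = sorted(p for arg in sys.argv[1:] for p in glob.glob(arg))
    blobs = (open(p, "rb").read() for p in paths) if paths else [build_sample_pcap()]
    report(summarize(blobs))
```

Each 100MB chunk is read whole but decoded once and discarded, so the 6GB set is processed file by file rather than held in memory at once; the per-source byte counts and the conversation set are what grow, and for a capture that size those stay small compared to the packets themselves.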
I can think of half a dozen different ways of parsing and analyzing pcap files, but without knowing the kind of data you're looking for (packet statistics, incidents of particular strings, rebuilding HTTP streams, etc.) and how exactly you want it output for analysis, it's difficult to recommend the appropriate solution.
Wireshark is pretty much the de facto tool for performing packet analysis, outside of specialized scripts written for very specific purposes.
If you're looking at EtherApe, then I assume you need both the ability to get an overall picture of all network traffic with the ability to drill down to the packet level for further analysis, correct? Is EtherApe lacking a specific function you need or are you just asking if anyone knows of anything better with similar functionality? The only other thing which comes to mind is using
Jeff
Chances are there won't be any one single tool that will do everything you want. You can look at the Data Types section on the
luc_4246,
Are you looking for something specific? I ask because if you are then a recommendation may differ.
If you're looking at overall analysis, research Netdude.
Alternatively, or in addition to that, look at: chaosreader, tcpxtract, and pcap Parser (pcaputils).
Perhaps something here proves useful!
farmerdude
I would recommend you to take a look at pyflag, which has great network forensics capabilities!
pyflag.net
I think ntop might also consume tcpdump files, and should give you a pretty useful high-level view. I think the flag is "--pcap-log [filename]".