
Network Forensic Tools


These products provide a network forensic capability. They record, store and analyse/display all network data and are therefore best deployed as inline appliances. These products can also reconstitute much of the data, enabling the investigator to view the data as it was sent or as it would be received.

 

See Also Protocol Analysers

NIKSUN NetDetector is a full-featured appliance for network security monitoring built on NIKSUN’s NikOS architecture. It is a security monitoring appliance that integrates signature-based IDS functionality with statistical anomaly detection, analytics and ...

NIKSUN NetDetector
NETRESSEC AB

NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, ho ...

NetworkMiner
Arkoon Network Security

Hakabana is an open source monitoring tool that allows users to visualize Haka network traffic using Kibana and Elasticsearch. It leverages the Haka framework to capture packets, dissect them and extract various pieces of information from the ...

Hakabana
Security Onion Solutions LLC

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The ...

Security Onion

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico ...

Edward Bjarte Fjellskål

A tool to collect DNS records passively to aid incident handling, Network Security Monitoring (NSM) and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap file and outputs the DNS server answers to a log file. Passive ...

US Army Research Lab

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: robust stream reassembly, IPv4 and IPv6 support, custom output handlers, chainable decoders.

Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, ...

Real-time threat detections across endpoints, data centers, and the cloud. Securing your network against advanced persistent threats (APTs) requires greater visibility to detect actors and their actions so that you can reduce your response time. As threa ...

LogRhythm NDR