sngrep is a terminal tool that groups SIP (Session Initiation Protocol) messages by Call-Id and displays them in arrow flows similar to those used in SIP RFCs. The aim of this tool is to make the process of learning or debugging SIP easier. Features:
* Capture SIP packets from devices or read from PCAP file
* Supports UDP, TCP and TLS (partially) transports
* Allows filtering using BPF (Berkeley Packet Filter)
* Save captured packets to PCAP file
Capdiss is a runtime environment for reading capture files (pcap, pcap-ng). It defines a simple event-driven API for Lua scripts. The aim of capdiss is to provide a comfortable environment for packet manipulation, where an analyst has to write less code to do more, in a type-safe language. To achieve that, capdiss embeds the powerful yet minimalistic scripting language Lua and supports the native packet dissection framework Coroner.
etherpoke is a scriptable network session monitor. etherpoke defines three events, SESSION_BEGIN, SESSION_END and SESSION_ERROR, to each of which a hook (system command) can be assigned. The event hook can be any program installed in the system. SESSION_BEGIN is triggered when the first packet matching the filter rule is captured. SESSION_END is triggered when the time since the last matching packet was captured exceeds the session timeout. SESSION_ERROR is triggered when it is no longer possible to pro
The goal of IP-Link is to show the relationships between different IP addresses in a network traffic capture, and thus to quickly find, for a given address, the IP addresses it communicates with the most. IP-Link offers several visualization methods.