PacketTotal:
allows you to upload a PCAP, or packet capture, file and
have it automatically analyzed and parsed against BRO
IDS and Suricata signatures in order to provide information on what may
have been detected in the capture file.
URL :
https://packettotal.com/
Microsoft Message Analyzer:
is the successor to Microsoft Network Monitor. It is helpful in
capturing, displaying, and analyzing protocol messaging traffic and
other system messages. It is not only an effective tool for
troubleshooting network issues, but for testing and verifying protocol
implementations as well.
Message Analyzer can certainly be used to analyze .pcap files. The tool
is generic and not specific to Microsoft, but certainly more focus is
put on the Windows scenarios so Microsoft related parsers are kept up to
date. However, you can
analyze virtually any kind of data, going beyond network captures like
EVT, ETW, CSV and many more.
Tools -> Options -> Parsing
Download Link :
https://www.microsoft.com/en-in/download/details.aspx?id=44226
CapAnalysis:
is a web visual tool for information security specialists,
system administrators and everyone who needs to analyze large amounts of
captured network traffic.
CapAnalysis performs indexing of data set of PCAP files and presents
their contents in many forms, starting from a list of TCP, UDP or ESP
streams/flows, passing to the geo-graphical representation of the
connections.
CapAnalysis is
Open Source.
Download Link :
https://www.capanalysis.net/ca/#download
Tcpdump
a powerful command-line packet analyzer; and
libpcap, a portable C/C++ library for
network traffic capture.
Its a premier network analysis tool.
Download Link :
http://www.tcpdump.org/#latest-releases
PCAP Analyzer:
is a fully graphical tool
that has been developed by Daniel Botterill as part of his MSc Computer
Security degree, it has been designed to take in a PCAP capture file and
report back any malicious behaviour identified.
It includes the following major features:
- Displaying of packets with support for major protocols
- Reassembly of TCP/UDP streams and HTTP response/reply streams
- Detection of ICMP IPV4/IPV6 address sweeps
- Importable blacklists with settable formats
- Detection of denial of service attacks
- Detection of domain name fluxing & similar domains detection
- Detection of downloaded files with support for file identifier and virus scanner input
- Detection of port scans & port knocks
- Detection of single fast fluxing domains & multiple IP usage domains
- Automated parsing of Snort log for PCAP files
- Detection of various traffic patterns: constant HTTP requests,
multiple Host User-Agent Referer requests and TCP/UDP similar messages
- Draggable and filterable network map displaying computers, connections and malicious behaviour
- Malware release automation (Windows Only)
- Malicious behaviour summary & uncategorised traffic