PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.

JA4+ is a suite of network fingerprinting standards

Warning lists to inform users of MISP about potential false-positives or other information in indicators

Simplifying SSL/TLS traffic analysis for researchers by making SSL decryption effortless.

CyberScan: Network's Forensics ToolKit

Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

Blackbook of malware domains

A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University

一款专为 CTF 竞赛设计的智能流量分析工具，支持多协议解析与自动化 Flag 提取，助力快速解题。

Every TCP Proxy Is Detectable With RTT Fingerprinting

Hands-On Network Forensics by Nipun Jaswal

A FUSE module to mount captured network data

Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection

Collection of my network covert channel tools.

The goal of this project is to help researchers/investigaters to export the decrypted TLS content into a PCAP

The Network Traffic Analyzer is a Python script designed for capturing and analyzing network traffic, focusing primarily on DNS traffic. This tool provides users with the capability to monitor network activity in real-time and extract relevant information from captured packets.

Overview of some network tools that can be used during the network forensics (extended with some publicly available datasets)

Tor traffic analysis platform for extracting, classifying, and visualizing Tor network flows from PCAPs

Program for static analysis of pcap files and recreation of information sent

Modular ICS/OT cybersecurity toolkit for Modbus/TCP, Siemens S7Comm, and DNP3. Generates JSON/HTML reports and executive dashboards from PCAPs and safe Modbus scans. Includes sample PCAPs and ModbusPal for testing.