Greetings, everyone. I would like to share the list of my favourite open source tools for network forensics from my time serving as a network engineer a few years back.
Wireshark:
- Description: Wireshark is a widely-used network protocol analyzer that captures and interactively browses the traffic running on a computer network.
- Features: It allows for deep inspection of hundreds of protocols, live capture, and offline analysis, and has powerful display filters.
- Use Cases: Ideal for troubleshooting network issues, examining security incidents, and protocol development.
tcpdump:
- Description: tcpdump is a command-line packet analyzer. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
- Features: Captures packet data for analysis, with powerful filtering capabilities using the Berkeley Packet Filter (BPF) syntax.
- Use Cases: Useful for network diagnostics, capturing specific types of traffic for analysis, and as a backend tool for other forensic analysis.
Nmap:
- Description: Nmap (Network Mapper) is a free and open-source tool for network discovery and security auditing.
- Features: It can scan large networks to discover hosts, services, and operating systems, and can be used for network inventory, managing service upgrade schedules, and monitoring host or service uptime.
- Use Cases: Network inventory, host monitoring, and vulnerability assessment.
Xplico:
- Description: Xplico is an open-source Network Forensic Analysis Tool (NFAT) that extracts application layer data from internet traffic.
- Features: Can reconstruct the content of HTTP sessions, emails, VoIP calls, and other data traffic.
- Use Cases: Useful for forensic analysis of network traffic, particularly in reconstructing and examining specific types of communication.
SANS Investigative Forensics Toolkit (SIFT):
- Description: SIFT is a collection of free and open-source tools designed to perform detailed digital forensic investigations.
- Features: Combines network forensic tools with file system forensic tools, and supports analysis of raw disks, multiple file systems, and evidence formats.
- Use Cases: Comprehensive forensic investigations, incident response, and detailed analysis of network and system data.