PCAP Analyzer is a fully graphical tool developed by Daniel Botterill as part of his MSc Computer Security degree. It is designed to take in a PCAP capture file and report back any malicious behaviour identified in it.
It includes the following major features:
Displaying of packets with support for major protocols
Reassembly of TCP/UDP streams and HTTP request/response streams
Detection of ICMP IPv4/IPv6 address sweeps
Importable blacklists with settable formats
Detection of denial of service attacks
Detection of domain name fluxing & similar domains detection
Detection of downloaded files with support for file identifier and virus scanner input
Detection of port scans & port knocks
Detection of single fast fluxing domains & multiple IP usage domains
Automated parsing of Snort logs for PCAP files
Detection of various traffic patterns: constant HTTP requests, multiple requests with the same Host/User-Agent/Referer, and similar repeated TCP/UDP messages
Draggable and filterable network map displaying computers, connections and malicious behaviour
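To make two of the listed detections concrete (ICMP address sweeps and TCP port scans), here is an added, self-contained example in Python. It is not code from PCAP Analyzer or its author: it reads the classic libpcap file format with the standard library only, decodes Ethernet/IPv4/TCP and ICMP, and flags a source that sends SYNs to many distinct ports on one host or echo requests to many distinct hosts. The capture it analyses is constructed in memory (10.0.0.x addresses, a 25-port scan and an 8-host sweep alongside benign traffic), and the thresholds of 10 ports and 5 hosts are assumptions chosen for the sample, not the tool's settings.

```python
import socket
import struct
from collections import defaultdict

# --- Builders for the constructed sample capture (synthetic traffic, not a real capture) ---

def _ethernet(payload: bytes) -> bytes:
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + payload  # zero MACs, EtherType IPv4

def _ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    # 20-byte header without options; checksum left 0 because the parser does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def _tcp_syn(sport: int, dport: int) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)  # SYN only

def _icmp_echo() -> bytes:
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1)  # type 8 echo request, id 1, seq 1

def build_sample_pcap() -> bytes:
    """Constructed pcap: a SYN port scan, a benign client, an ICMP sweep and one benign ping."""
    frames = []
    for port in range(1, 26):  # 10.0.0.5 probes 25 ports on 10.0.0.20 (scan)
        frames.append(_ethernet(_ipv4("10.0.0.5", "10.0.0.20", 6, _tcp_syn(40000 + port, port))))
    for port in (80, 443):  # 10.0.0.7 opens two ordinary connections (benign)
        frames.append(_ethernet(_ipv4("10.0.0.7", "10.0.0.20", 6, _tcp_syn(50000 + port, port))))
    for host in range(1, 9):  # 10.0.0.9 pings eight different hosts (sweep)
        frames.append(_ethernet(_ipv4("10.0.0.9", f"10.0.0.{host}", 1, _icmp_echo())))
    frames.append(_ethernet(_ipv4("10.0.0.7", "10.0.0.1", 1, _icmp_echo())))  # one ping (benign)
    # Global header: magic, version 2.4, thiszone 0, sigfigs 0, snaplen 65535, linktype 1 (Ethernet)
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

# --- Classic pcap reader and frame decoder (pcapng is not handled) ---

_MAGICS = {  # magic bytes -> (struct byte order, divisor for the fractional timestamp)
    b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),
    b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9),
}

def parse_pcap(data: bytes):
    """Yield (timestamp, frame) per record; a truncated final record is dropped, not decoded."""
    if len(data) < 24 or data[:4] not in _MAGICS:
        raise ValueError("not a classic pcap file")
    order, divisor = _MAGICS[data[:4]]
    linktype = struct.unpack(order + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}; only Ethernet is decoded here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig = struct.unpack(order + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            break  # record header claims more bytes than the file holds
        yield ts_sec + ts_frac / divisor, data[offset:offset + incl_len]
        offset += incl_len

def decode_frame(frame: bytes):
    """Return a dict for IPv4/TCP and IPv4/ICMP frames, None for anything else or malformed."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return None
    src, dst, l4 = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[ihl:]
    if ip[9] == 6 and len(l4) >= 20:
        flags = l4[13]
        return {"proto": "tcp", "src": src, "dst": dst, "dport": struct.unpack("!H", l4[2:4])[0],
                "syn": bool(flags & 0x02) and not flags & 0x10}  # SYN without ACK = attempt
    if ip[9] == 1 and len(l4) >= 8:
        return {"proto": "icmp", "src": src, "dst": dst, "type": l4[0]}
    return None

# --- Detection: distinct-port and distinct-host counting (thresholds are assumptions) ---

def detect(records, scan_threshold: int = 10, sweep_threshold: int = 5):
    syn_ports = defaultdict(set)   # (src, dst) -> ports that received a SYN
    echo_hosts = defaultdict(set)  # src -> hosts that received an echo request
    for _ts, frame in records:
        pkt = decode_frame(frame)
        if pkt is None:
            continue
        if pkt["proto"] == "tcp" and pkt["syn"]:
            syn_ports[(pkt["src"], pkt["dst"])].add(pkt["dport"])
        elif pkt["proto"] == "icmp" and pkt["type"] == 8:
            echo_hosts[pkt["src"]].add(pkt["dst"])
    findings = [{"kind": "port_scan", "src": s, "target": d, "count": len(p)}
                for (s, d), p in syn_ports.items() if len(p) >= scan_threshold]
    findings += [{"kind": "icmp_sweep", "src": s, "target": None, "count": len(h)}
                 for s, h in echo_hosts.items() if len(h) >= sweep_threshold]
    return sorted(findings, key=lambda f: (f["kind"], f["src"]))

def analyse(pcap_bytes: bytes):
    return detect(parse_pcap(pcap_bytes))

SAMPLE_PCAP = build_sample_pcap()

if __name__ == "__main__":
    for finding in analyse(SAMPLE_PCAP):
        print(finding)
```

Counting distinct ports per (source, destination) pair rather than raw packet volume is what separates a scan from a busy but legitimate client, and counting distinct destination hosts per source does the same for a sweep; the truncated-record guard matters because captures cut off mid-write are common and should not abort the whole analysis.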
If you are interested in using or developing this tool, please download it from here. Most features are available out of the box, but some require additional setup; follow the instructions in README.txt inside the ZIP archive. If you have time, it would be greatly appreciated if you could also fill in the questionnaire contained in the archive. Please email completed questionnaires or comments to Daniel.J.Botterill@gmail.com.
Below are some sample screenshots of the tool in action: