Tranalyzer Original

Network network pcap

Source (link to git-repo or to original if based on someone elses unmodified work): Add the source-code for this project on

6 .3

Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioners and researchers. Special value is set to simplicity, performance and scalability. It extends Cisco NetFlow's functionality and supports analysts in processing ultra large packet dumps. It supports the drill down process to the very flow of interest, which can then be analysed in depth by tcpdump, Wireshark or by its text based packet mode. The program is implemented in C and built upon the libpcap library. Tranalyzer provides functionality to analyze and generate key parameters and statistics from IP traces either being live-captured from Ethernet interfaces or pcap files. The quantity of binary and text based output of Tranalyzer depends on enabled plugins. Hence, users have the possibility to tailor the output according to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.
Last changelog:

Tranalyzer2 Tarantula version 0.8.8lmw4 is out! 13 days ago

* tranalyzer2:
- Improved error reporting
* macRecorder:
- Updated manuf.txt
* sslDecode:
- Updated sslblacklist.[ct]sv
* t2flowstat:
- Improved and extended replacement of flowstat
* t2whois:
- Fixed -k option to generate KML files
- Added missing libbsd-devel and readline-devel dependencies for CentOS/Fedora/Red Hat



3 years ago

This tool sdaved me a big time in troubleshooting a routing problem at a customer


Tranalyzer2 Tarantula version 0.8.8lmw4 is out! 13 days ago

* tranalyzer2:
- Improved error reporting
* macRecorder:
- Updated manuf.txt
* sslDecode:
- Updated sslblacklist.[ct]sv
* t2flowstat:
- Improved and extended replacement of flowstat
* t2whois:
- Fixed -k option to generate KML files
- Added missing libbsd-devel and readline-devel dependencies for CentOS/Fedora/Red Hat

Tranalyzer2 Tarantula version 0.8.8lmw2 is out! 1 month ago

* added -C option to check for new releases
* tranalyzer2: (thx to Diaf Alaeddine to test this feature)
- Corrected FDURLIMIT mode for unusual bursty traffic
- Added FDLSFINDEX: sub flows can have now the same findex
* dnsDecode: updated maldomain.txt
* icmpDecode:
- Improved packet mode
- Report aggregated icmpStat in final and monitoring report
- Detect covert channels such as Loki or OpenSSH in ICMP
* macRecorder: updated manuf.txt
* sslDecode: updated sslblacklist.[ct]sv
- Added -B option to change build backend (autotools, autotools-out-of-tree, cmake, meson)
- Added -G option to select CMake generator
* t2fm: added --reset option
* New tutorial: flow mode

Tranalyzer2 Tarantula version 0.8.8lmw1 is out! 3 months ago

* tranalyzer2, basicFlow, utils:
- Subnet control moved from basicFlow to tranalyzer2
- Subnet routines moved from basicFlow to utils/subnet
- New subnet aggregation mode
- IPv4/6 Tor address labeling
- Updated subnet files
- Fixed subnet, Tor generation
* basicFlow, basicStats, connStat: added support for subnet aggregation mode
* tranalyzer2: fixed bug in SCTP engine
* {dns,ssl}Decode,httpSniffer,tcpStates: used field name in 'Aggregated ...' report (easier to grep and decode)
* {json,mongo,mysql,psql,sqlite}Sink: added {JSON,MONGO,MYSQL,PSQL,T2_SQLITE}_SELECT options to only output/insert specific fields into the DB
* sqliteSink:
- Automatically grow query buffer as required
- Replaced SQLITE_QRY_LEN with SQLITE_QRY_MAXLEN to control maximum size of query buffer
- Discard flows which could not de be deserialized instead of exiting
- Use Tranalyzer -w option as database name
* dnsDecode:
- Report percentage of flows with alarms
- Updated domains blacklist
* entropy: added end report
* fnameLabel: added configuration flags: FNL_LBL, FNL_HASH, FNL_FLNM and FNL_FREL
* geoip:
- Replaced GEOIP_LEGACY configuration flag with GEOIP_LIB=[0,1,2]
- Faster direct MaxMindDB access
- t2mmdb: fast direct request to MaxMindDB
- t2mmdba: convert MaxMindDB to T2 subnet format
* macRecorder:
- Improved MAC labelling
- Updated manufacturers list
- Reduced memory usage
* nDPI: updated nDPI library to version 3.2
* regex_pcre: report percentage of flows with alarms
* sshDecode:
- Added SSH_ALGO to display chosen algorithms
- Added SSH_LISTS to display lists of supported algorithms
- Added SSH_FINGERPRINT to output fingerprints as MD5 or SHA256
- Improved detection of Elliptic Curve Diffie-Hellman Key Exchange
* sslDecode: updated blacklist
* bin2txt: added B2T_NON_IP_STR macro to configure representation of non-IPv4/6 addresses in IP columns
* t2whois: added '-D' option to run as a server
* t2netID: decode T2 hexadecimal country organisation codes (refer to basicFlow and BFO_SUBNET_HEX=1)
* scripts:
- t2_aliases: new t2mmdb and t2netID aliases
- t2build/ new -U option to update databases, blacklists, ...
- t2fm:
+ Added top organisations section
+ Added SSH section with top connections and known HASSH signatures
+ Added --hide-{user,pass,user-pass} options to obfuscate usernames/passwords
+ Added --no-* options to discard specific sections of the report
+ New -NUM (-0, -1, ...) option to control the number of queries to run in parallel
- t2plot: allow for '*' in -s[xyz] options, e.g., -sx '0:*'
- new helper functions: find_most_recent_{dir,file}, t2_wget[_n], t2_build_exec, ask_default_{no,yes}

Tranalyzer2 Tarantula version 0.8.7lmw1 is out! 8 months ago

* scripts:
- t2conf, t2test, t2fm, tawk: bugfixes and improvements
- Simplified configuration
* tranalyzer2:
- Flag and handle IP packets with payload length > framing length
- Flag IPv4 packets with header length < 20 bytes
- Fixed column names for REPORT_HIST=1
- Fixed l7Len for OSPFv2
- Added support for Ethernet over MPLS
* arpDecode: fixed detection of gratuitous ARP
* basicFlow: new subnetfiles, hex coding for country now 9 bits
* ospfDecode: bugfixes, code hardening
* tcpFlags:
- MPTCP new features, thx to Theresa TU Berlin
- Flag and handle corrupt IPv4 options with length = 0
* regex_pcre: New engine and regfile format

Tranalyzer2 Tarantula version 0.8.6lmw1 is out! 10 months ago

* basicFlow:
- t2whois: new program to query Tranalyzer databases
- New subnet files, county city configurable
* basicStats: report L2 and L3 biggest talkers
* geoip: updated GeoLite2 database
* macRecorder:
- Report min, max and average MAC pairs per flow
- Updated manuf database
* nDPI: updated nDPI library to version 3.0
* {radius,smtp}Decode: bugfixes
* sctpDecode: merged SCTP_CHNKVAL and SCTP_CHNKSTR
* sshDecode: compute and lookup HASSH fingerprints
* sslDecode: updated blacklist
* t2caplist: added -z and -R options, various fixes
* t2conf: added bash/zsh completion for -D and -G options
* t2plot:
- Added support for drawing histograms (-H and -D options)
- Added -c option to customise chart color
- Make sure to restore default configuration when toggle test failed
- New options -S1, -S2 and -J (bit shift and Johnson counter)
- New option -e to ignore compilation errors caused by '#error' macro
- New 't2test' alias to run the tester from anywhere
* fpsGplt:
- fpsEst was merged into fpsGplt as '-j' option
- Improved '-d' option: -d 0|1 is now -d A|B
* protStat:
- Added -C option to not output percentages
- Added -r option to sort in reverse order
- Added -H, -HR and -HH options to control the formatting of numbers
- Added --color[=WHEN] option (default: no color if output redirected)
* t2b2t:
- Utility to convert T2 binary files (renamed from tranalyzer-b2t)
- Automatically compiled when building binSink or socketSink (CONTENT_TYPE=0)
* t2_aliases: new t2b2t and t2whois alias
* added -u/-U option to (not) update the databases

Tranalyzer2 Tarantula version 0.8.5lmw1 is out! 11 months ago

* WINDOWS 10 version
* packetCapture: Bugfix: Fragment hash lookup missing l4proto
* tcpFlags: Bugfixes
- ipFlags: Fragmentation and OSPF checksum calculation
- ipFlags: Min frag flag not at last packet
- Limit pseudo header calculation, OSPF has not pseudo header
- Packet Mode: relative Seq/Ack Number Calculation
- TCP time option: fix of uptime clock estimation
- WSC value
- Scan Detector
* httpSniffer: robust against corrupted chunked pages

Tranalyzer2 Tarantula version 0.8.4lm2 is out! 1 year ago

* basicFlow: improved subnet files
* dnsDecode: updated blacklists
* geoip: updated GeoLite2 database
* macRecorder: updated manuf database
* sslDecode: updated certificate blacklist

Tranalyzer2 Tarantula version 0.8.2lm2 is out! 1 year ago

* Fix for OSX

Tranalyzer2 Tarantula version 0.8.2lm1 is out! 1 year ago

* New plugin: findexer
* basicFlow:
* Updated IPv4/6 databases
* Flag Tor addresses
* dnsDecode: blacklisted domain names detection
* geoip: updated databases
* nDPI: updated nDPI library to 2.6.0
* pwX: improved detection of HTTP based credentials
* sslDecode: updated JA3/JA3S database and SSL blacklist
* ftpDecode: bugfixes
* tranalyzer2:
* Improved final and monitoring reports
* Improved network aggregation mode IPv4/6
* Faster parallel compilation
* New -P/--profile option
* Simpler control of MAC addresses representation (utils/bin2txt.h):
* MAC_FORMAT: 0: string, 1: hex
* MAC_SEP: separator for MAC addresses as string (default: ":")
* Avoid unecessary dependency to zlib (*Sink)
* tawk: removed deprecated function bitisset
* Use bitsanyset and bitsallset instead
* Bugfixes and code hardening

Tranalyzer2 Tarantula version 0.8.1lm3 is out! 1 year ago

* More Traffic Mining features in nFrstPkts
* Improved scripts and tutorials (see
* tcpFlags: minwinsz detection, doc
* telnetDecode: bug fixes
* Minor code refactoring

Tranalyzer2 Tarantula version 0.8.1lm2 is out! 1 year ago

* Fix for older distributions where zlib version < 1.2.9

Tranalyzer2 Tarantula version 0.8.1 is out! 1 year ago

* New plugins: sslDecode (SSL/TLS, including JA3 hash), p0f (OS fingerprinting)
* Improved t2fm: create PDF report from MongoDB or PostgreSQL database
* nFrstPkt: new signal preprocessing features
* New t2plot and traffic mining scripts
* Improved dnsDecode and arpDecode
* txtSink: added option to compress (gzip) the output
* geo labeling information for packet mode (-s option)
* checkout our tutorials

product-maker andy Mar 23 2017 9 excellent
product-maker bobby-bob Mar 22 2017 9 excellent
product-maker Base: 4 x 5.0 Ratings
Be the first to comment
*Needs pling-store or ocs-url to install things
0 Affiliates
updated Jul 27 2020
added Mar 22 2017
downloads 24h
mediaviews 24h 0
pageviews 24h 2
System Tags app software gplv3