Gulp purports to be better at capturing packets than tcpdump (although they can work together).
There is more than one version out there:
- This one says it applied a patch to it five years ago.
More easily obtainable, with better documentation available (although still not enough).
Captures packets and decodes SSL/TLS packets.
This adds indexing to bgzip-compressed libpcap files, which then lets you extract them while the original files are still compressed.
This lets you extract part of or combine files created by tcpdump when using file rotation.
Describes itself as like GNU grep but for packets.
These are installed when you install Wireshark.
Reorders the packets by timestamp.
This prints summary information about packet files (works with gzipped files).
Merges multiple packet files together. Mergecap will try to keep timestamps in order when merging, but it assumes each individual file to merge is already in order.
Track, reassemble, reorder TCP streams.
Gives connection information taken from a capture file.
Separates out TCP flows into separate files.
Summarizes packet information in ASCII format.
Gives summary statistics for a pcap file.