Kyanos is a diagnostic toolset for network analysis that uses eBPF to measure packet latency and trace traffic from the network card to the application. It functions as a kernel latency profiler and network performance monitor, providing capabilities to map external dependencies and capture network traffic. The project is distinguished by its ability to perform automatic SSL traffic decryption, converting encrypted requests and responses into plaintext for analysis. It further isolates bottlenecks by attributing latency across multiple stages, specifically tracing the time packets spend withi
PCAPdroid is an Android network traffic analyzer and packet capture tool that operates without requiring root access. It functions as a VPN-based firewall and network controller, capable of recording traffic in PCAPng format and blocking connections to specific domains or malicious hosts. The project distinguishes itself through a proxy-based system for decrypting TLS traffic and routing device network traffic through SOCKS5 proxies or the Tor network. It further allows for the modification of live HTTP requests and responses via custom scripts. Its capabilities cover application connection
Maltrail is a malicious traffic detection system used for network intrusion detection. It consists of a network intrusion sensor for monitoring interfaces, a threat intelligence aggregator for syncing blacklists, and a detection engine that identifies security threats through signature matching and heuristic attack patterns. The system distinguishes itself through a distributed sensor architecture that collects traffic data from multiple remote probes and forwards events to a central analysis server. It employs heuristic behavioral analysis to identify unknown threats, such as port scanning o
Security Onion is a security information and event management platform and network security monitoring suite. It functions as an intrusion detection system and a network traffic analysis tool designed to identify malicious activity and network intrusions through signature-based detection and host-based monitoring. The platform integrates a security case management system to organize investigations by tracking detections and grouping related security events. It provides capabilities for full packet capture, network metadata extraction, and the collection and indexing of security logs from dive