PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.

JA4+ is a suite of network fingerprinting standards

Warning lists to inform users of MISP about potential false-positives or other information in indicators

CyberScan: Network's Forensics ToolKit

Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

Simplifying SSL/TLS traffic analysis for researchers by making SSL decryption effortless.

Blackbook of malware domains

A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University

Hands-On Network Forensics by Nipun Jaswal

In progress. Web service for analyzing network traffic dumps (PCAP) with RAG. Detection of attacks through signature methods, integration with Threat Intelligence systems and AI.

A FUSE module to mount captured network data

Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection

Some network covert channel projects of my own research, containing a protocol channel tool (protocol switching covert channel, PCT/PSCC), a protocol hopping covert channel (PHCC) tool, the protocol channel-aware active warden (PCAW) and ... VSTT.

The Network Traffic Analyzer is a Python script designed for capturing and analyzing network traffic, focusing primarily on DNS traffic. This tool provides users with the capability to monitor network activity in real-time and extract relevant information from captured packets.

Overview of some network tools that can be used during the network forensics (extended with some publicly available datasets)

The goal of this project is to help researchers/investigaters to export the decrypted TLS content into a PCAP

Program for static analysis of pcap files and recreation of information sent

Designing and implementing a Packet-Based Intelligent Network phishing Intrusion Detection system. The idea of the design is to use machine learning to classify Network packets to benign and phishing in real-time flow (for both http/https protocol) based on DNS records and domain name features. It operates by using a pre-programmed list of known…

Detection modules for 802.11 and Ethernet timing analysis using frame.time_epoch, clustering, and ML-based anomaly detection. Built for passive network behavior analysis.

IoT Forensics Master Thesis @POLIMI