The Anteater

Tranalyzer2 is a lightweight flow generator and packet analyzer designed for practitioners and researchers. Particular emphasis is placed on simplicity, performance and scalability. It extends Cisco NetFlow's functionality and supports analysts in processing ultra-large packet dumps. It supports the drill-down process to the very flow or even packet of interest and can quickly produce a reduced pcap, which can then be analysed in depth with its own text-based packet mode or simply loaded into tcpdump or Wireshark.

The program is open-source, implemented in C and built upon the libpcap library. Tranalyzer provides functionality to analyze and generate key parameters and statistics from IP traces, either live-captured from Ethernet interfaces or read from pcap files. The quantity of binary and text-based output of Tranalyzer depends on the enabled plugins. Hence, users can tailor the output to their needs. Moreover, additional plugins can be developed independently of the functionality of other plugins.


Designed for heavy duty tasks such as real-time interface or unlimited pcap file input

Open Source

Licensed under the GNU GPL


Flexible plugin architecture



Flexible aggregation of packets into 0 - 10 tuple flows with flow cross-link, e.g., ICMP with the originating flow or FTP control with data.


Geolocation and whois based IP address labeling and aggregation. Support tools: t2whois, t2netID, t2locate and MaxMind DB plugin.

Mining & AI Support

For Traffic Mining, the preprocessing and proper mathematical transformation to find invariances represent about 90-95% of the work needed to produce a robust classifier that performs well in practice.


Protocol Encapsulations such as VLAN, L2TP, MPLS, PPP, GRE, GTP, ERSPAN, VXLAN, AYIYA, CAPWAP, Teredo, PIM, SCTP, etc.

Output options

Specific output for troubleshooting, security and forensic purposes: Text, JSON and binary format. PostgreSQL, MongoDB, MariaDB/MySQL and SQLite. Reports also into standard NetFlow 9/10 tools.


Specific Reporting to assess pcap quality and anomalies

Easy post-processing

via Bash, Perl, Python, (T)Awk, ... how admins like it!


reports into standard tools such as RRD or Splunk

Routing & Switching

Support for several routing and switching protocols such as: BGP, OSPF, CDP, LLDP, STP, VRRP, etc.

Network Management

Support for several network management protocols such as: RADIUS, VTP, NTP, DHCP, LDAP, etc.


Graphical support by t2plot, t2timeline, t2viz, Matlab, SPSS, SAS, Google Earth, Excel, etc.

GUI Development Framework
