Free tcpdump software for mac

Nfdump 1.5.8

Nfdump is a set of tools to collect and process netflow data. It's fast and has a powerful pcap-like filter syntax.
Nfdump supports netflow versions v5, v7 and v9 as well as a limited set of sflow and is IPv6 compatible.
The nfdump tools process and collect netflow data on the command line.
NOTE: Nfdump is distributed under the BSD License.
Nfdump contains the following tools:
nfcapd - netflow capture daemon.
- Reads the netflow data from the network and stores the data into files. Automatically rotates files every n minutes (typically every 5 min). nfcapd reads netflow v5, v7 and v9 flows transparently. You need one nfcapd process for each netflow stream.
nfdump - netflow dump.
- Reads the netflow data from the files stored by nfcapd. Its syntax is similar to tcpdump. If you like tcpdump you will like nfdump. Displays netflow data and can create lots of top N statistics of flows, IP addresses, ports, etc., ordered by whatever order you like.
nfprofile - netflow profiler.
- Reads the netflow data from the files stored by nfcapd. Filters the netflow data according to the specified filter sets (profiles) and stores the filtered data into files for later use.
nfreplay - netflow replay.
- Reads the netflow data from the files stored by nfcapd and sends it over the network to another host.
nfclean.pl - clean up old data.
- Sample script to clean up old data. You may run this script every hour or so.
ft2nfdump - read and convert flow-tools data.
- Reads flow-tools data from files or from stdin in a chain of flow-tools commands and converts the data into nfdump format to be processed by nfdump.

Enhancements
Fixes minor bugs, including:
- Daylight saving bug
- 64bit compile/run bug
- minor other bugs

Download (324KB)
Added: 2009-05-14 License: Freeware Price: FREE
186 downloads
Eavesdrop 0.5a4

Eavesdrop is an application for listening in on TCP conversations on the network your computer is attached to. See Notes for Newbies if you have not worked with a network sniffer before. I strongly suggest you look into other applications, such as tcpdump (available in Mac OS X 10.3 already) and Ethereal (available through fink and probably other sources).
Main features:
- TCP conversation tracking
- show last TCP flags sent and flag history
- tcpdump filter syntax
- live syntax checking
- payload reconstruction - display in ASCII or HEX
- read tcpdump files
- remove or hide idle conversations to save memory or simplify the interface
- display images contained in the capture
- search for an IP or payload contents
- graphing of conversation meta-data (can also export data).
Enhancements:
- Compiled as a Universal Binary.
- Promiscuous mode and file capture both work.
- Added a button to save images to TIFF (thanks, Will!).
- Removed the "Save" and "Save As..." menu options.
- Although this does not address the underlying issue, it will reduce questions until the next major release, which should fix that.
Download (613KB)
Added: 2006-06-12 License: GPL Price:
1235 downloads
Switzerland 0.1

Free and open source tool for testing networks

Switzerland is a tool for testing networks, ISPs and firewalls developed by the Electronic Frontier Foundation (www.eff.org).
Switzerland will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.

Enhancements
Lots of bugfixes and some new features:
- Make the messages that Switzerland gives users less cryptic and more informative! Especially
- Improve on the notification of modified/forged packets in versions 0.0.x. In the case of modifications, provide specific reports of which packet fields have been modified, from what and to what. In the case of injections/forgeries, provide tcpdump-style representations of the packets.
- Include a new command line tool, study-switzerland-pcaps, to perform the above analysis based on the -in and -out pcap modification/forgery logs produced by Switzerland. This will be useful both for old logfiles from 0.0.7 and for newly created logs.
- Reduce the incidence and duration of the "you can't connect, because we already have a connection from your IP" problem.
- Fix several internal bugs in the server, which 0.0.7 "handled" by catching exceptions and trying to ignore them.
- When modified/forged packets are observed, don't tell other parties what your NIC and router's MAC addresses are
Internal improvements and adjustments:
Refactor things out of Switzerland.py:
- Matchmaking is now separated and easier to understand
- Forgery context operations are now part of SwitzerlandLink.py
- There are some minor but incompatible changes to the wire protocol, in which reports on forgeries are passed around with the fo-context and forged-details messages.
- We have some traceroute collection infrastructure now, although we're not using it yet

Download (579KB)
Added: 2009-05-20 License: GPL Price: FREE
195 downloads
Cocoa Packet Analyzer 0.65

Cocoa Packet Analyzer 0.65 is developed to be a useful native Mac OS X implementation of a network protocol analyzer and packet sniffer, which supports the industry-standard PCAP packet capture format for reading, capturing and writing packet trace files.

Major Features:

  1. Basic packet capturing (libPCAP/ tcpdump filter expressions can be used).
  2. Analyze and display packet trace files.
  3. Supports PCAP packet capture format.
  4. Quicklook plugin included - it's basic, but at least you can get an overview of packet trace files in Finder.

Supported Types and Protocols:

  • Ethertype ARP
  • Ethertype IP (v4/ v6)
  • Ethertype PPP
  • Ethertype PPPoED/S
  • Ethertype 802.1Q VLAN
  • Linktype Loopback
  • Linktype PPP
  • IP-Protocol IP
  • IP-Protocol TCP
  • IP-Protocol UDP
  • IP-Protocol ICMP
  • IP-Protocol IGMP
  • IP-Protocol L2TP
  • PPPoE Discovery and Session stages
  • PPP-Protocols: IP, LCP, IPCP, CCP, PAP, CHAP
  • L2TP-Protocol (port based detection)
  • RADIUS-Protocol (port based detection)
  • SIP-Protocol (third party analyzer plugin)

Enhancements:

  • added an option to save find queries.
  • fixed some small memory leaks.
  • optimized document types.

Download (2.6MB)
Added: 2009-10-24 License: Freeware Price: Not available
WireShark 1.1.3 / 1.0.8

A cross-platform network protocol analyzer

Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry.
WireShark is developed on the basis of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development.

Main features:
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
- The most powerful display filters in the industry
- VoIP analysis
- Live capture and offline analysis are supported
- Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPackets' EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
- Capture files compressed with gzip can be decompressed on the fly
- Hundreds of protocols are supported, with more being added all the time
- Coloring rules can be applied to the packet list, which eases analysis
- Output can be exported to XML, PostScript, CSV, or plain text

System requirements:
- Apple's X11

Enhancements
Bug Fixes:
The following vulnerabilities have been fixed:
- The PCNFSD dissector could crash. Versions affected: 0.8.20 to 1.0.7
The following bugs have been fixed:
- Lua integration could crash. (Bug 2453)
- The SCCP dissector could crash when loading more than one file in a single session. (Bug 3409)
- The NDMP dissector could crash if reassembly was enabled. (Bug 3470)
New and Updated Features:
- There are no new or updated features in this release.
New Protocol Support:
- There are no new protocols in this release.
Updated Protocol Support:
- All ASN.1 protocols, DICOM, NDMP, PCNFSD, RTCP, SCCP, SSL, STANAG 5066
New and Updated Capture File Support:
- There are no new or updated capture file formats in this release.

Download (32.9MB)
Added: 2009-05-22 License: Freeware Price: FREE
2272 downloads
 
dSniff Control 0.3.2 build 121

dSniff Control 0.3.2 build 121 is a useful application that offers a front end for the open source command line utility suite. dSniff allows network administrators to test their networks for the most common sniffing and spoofing techniques. dSniff Control includes a basic graphical interface for using dsniff, mailsnarf, msgsnarf, urlsnarf, arpspoof and tcpdump.

Download (1.9MB)
Added: 2007-04-25 License: Freeware Price: donationware
215 downloads
 
AquaEthereal 1.2

AquaEthereal is an application launcher, written in Python, for the Unix-based Ethereal network monitoring program.
Ethereal is a sophisticated GUI for the tcpdump command-line utility, and runs under Fink or DarwinPorts in Apple's X11 environment. While the program can be launched from within the X11 application, it requires administrator authorization (a user password), and the AquaEthereal launcher provides a convenient way to start the program.
To begin Ethereal, just click on the AquaEthereal icon in the Dock. This launches the X11 environment. AquaEthereal then prompts you for an administrator password, since Ethereal itself must be run under these conditions.
Enhancements:
- Now a universal binary.
Download (31KB)
Added: 2006-09-06 License: GPL Price:
1149 downloads
MacSniffer 1.0b1

MacSniffer is a front end to the built-in tcpdump packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet.

MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port.

You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents.

MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time.


Download (87KB)
Added: 2005-12-21 License: Freeware Price:
1426 downloads
Kismet 200905 RC1

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
Kismet will work with any wireless card which comes with support for the raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.

Main features:
- Ethereal/Tcpdump compatible data logging
- Airsnort compatible weak-iv packet logging
- Network IP range detection
- Built-in channel hopping and multicard split channel hopping
- Hidden network SSID decloaking
- Graphical mapping of networks
- Client/Server architecture allows multiple clients to view a single Kismet server simultaneously
- Manufacturer and model identification of access points and clients
- Detection of known default access point configurations
- Runtime decoding of WEP packets for known networks
- Named pipe output for integration with other tools, such as a layer3 IDS like Snort
- Multiplexing of multiple simultaneous capture sources on a single Kismet instance
- Distributed remote drone sniffing
- XML output
- Over 20 supported card types

Enhancements
- This is a complete rewrite of Kismet (referred to as Kismet-Newcore while under development).
- It includes a new user interface, improved tracking, IDS functions, a plugin architecture... for both server and client, and auto-detection of drivers and supported channels on sniffing devices

Download (611KB)
Added: 2009-05-27 License: GPL Price: FREE
216 downloads