NetworkMiner is a popular network forensics tool that can parse pcap files as well as perform live sniffing of network traffic on Ethernet and WiFi networks.
NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).
NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.
CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.
CapLoader is the ideal tool to use when handling big data PCAP files in sizes up to many gigabytes (GB). The contents of individual flows can be exported to tools like Wireshark and NetworkMiner in just a matter of seconds after having loaded one or multiple large PCAP files.
PolarProxy is a transparent SSL/TLS proxy created for incident responders and malware researchers. PolarProxy is primarily designed to intercept and decrypt TLS encrypted traffic from malware that is run in a controlled environment, such as a sandbox. PolarProxy decrypts and re-encrypts TLS traffic, while also saving the decrypted traffic in a PCAP file.
PacketCache is a free Windows service designed to continuously monitor the network interfaces of a computer and store the captured packets in memory (RAM).
The idea is to make full-content packets available for post-event incident response and network forensic analysis. PacketCache can be used either as a complement to solutions for centralized network packet capturing, or without any other network monitoring solution in place.
RawCap is a tiny command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed.
RawCap also has the unique ability to capture packets from localhost (127.0.0.1) on Windows.