Flowinspect is a network traffic inspection utility. It uses pynids to defragment IP and reassemble TCP streams (UDP is inspected on a per-packet basis). The resulting flows are then inspected using the "re2" module, which supports PCRE-like patterns and case-insensitive, inverted and multiline matches, among other options. If re2 is not installed, Python's re module is used as a fallback. Match scope can be limited through BPF expressions, via Snort-like offset-depth content modifiers, or with flags that limit how many packets or streams are inspected. Flows can be logged to files in addition to being dumped on stdout. A few useful output modes help with further analysis.
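The scoped regex inspection described above, sketched as an added example; it is not flowinspect's own code, and the function and parameter names are hypothetical. It uses Python's re module (the fallback the page names), assumes Snort's convention that depth is counted from offset, and runs on a constructed client-to-server payload.

```python
import re

# Constructed sample: client-to-server bytes of one reassembled TCP flow.
CTS = (b"GET /index.html HTTP/1.1\r\n"
       b"Host: example.test\r\n"
       b"User-Agent: curl/8.0\r\n\r\n")


def scope(data, offset=0, depth=None):
    """Snort-style window: skip `offset` bytes, then keep at most `depth` bytes."""
    end = len(data) if depth is None else offset + depth
    return data[offset:end]


def inspect(data, pattern, offset=0, depth=None,
            ignorecase=False, multiline=False, invert=False):
    """Search the scoped window of a flow buffer (hypothetical helper).

    Returns (matched, span). `span` holds absolute byte positions in `data`
    so a hit can be located in the full flow; it is None for inverted
    matches and for misses.
    """
    flags = 0
    if ignorecase:
        flags |= re.IGNORECASE
    if multiline:
        flags |= re.MULTILINE  # ^ and $ anchor at every line, not just the buffer
    m = re.search(pattern, scope(data, offset, depth), flags)
    if invert:
        # Inverted match: the flow is of interest when the pattern is absent.
        return (m is None, None)
    if m is None:
        return (False, None)
    return (True, (offset + m.start(), offset + m.end()))


if __name__ == "__main__":
    # Case-insensitive match anywhere in the flow.
    print(inspect(CTS, rb"user-agent: curl", ignorecase=True))
    # Same pattern limited to the request line (first 26 bytes): no hit.
    print(inspect(CTS, rb"user-agent: curl", depth=26, ignorecase=True))
    # Line-anchored header match needs multiline mode.
    print(inspect(CTS, rb"^Host:", multiline=True))
    # Inverted match on a header that the constructed request lacks.
    print(inspect(CTS, rb"^Cookie:", multiline=True, invert=True))
```

Narrowing the window with offset and depth also bounds how much of each flow the regex engine has to scan, which matters when patterns run over every stream in a large capture.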