Dshell

"An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.

Key features:

• Robust stream reassembly
• IPv4 and IPv6 support
• Custom output handlers
• Chainable decoders

The prerequisites are:

• Linux (developed on Ubuntu 12.04)
• Python 2.7
• pygeoip, GNU Lesser GPL
  • MaxMind GeoIP Legacy datasets
• PyCrypto, custom license
• dpkt, New BSD License
• IPy, BSD 2-Clause License
• pypcap, New BSD License
• elasticsearch-py, Apache License, Version 2.0 - optional, used only with Dshell's elasticout output module

https://github.com/USArmyResearchLab/Dshell