Ostinato is a network packet and traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. It features custom packet crafting with editing of any field for several protocols: Ethernet, 802.3, LLC SNAP, VLAN (with Q-in-Q), ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunneling, TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD, HTTP, SIP, RTSP, NNTP, etc. It is useful for both functional and performance testing.
netsniff-ng is a high performance Linux network sniffer for packet inspection. It is similar to analyzers like tcpdump, but without the need to perform system calls for fetching network packets. A memory-mapped area within kernelspace will be used for accessing packets, so there is no requirement for copying them to userspace (a 'zero-copy' mechanism). For this purpose, netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying, and performing offline analysis of pcap dumps. The project is focused on building a robust, clean, and secure analyzer and utilities that complete netsniff-ng as a support for penetration testing. netsniff-ng can be used for protocol analysis, reverse engineering, and network debugging.
tcpdump prints a description of the contents of packets on a network interface which match a given boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets which match the expression will be processed by tcpdump. tcpdump logs more than just TCP, IP, or ethernet packets, but has a whole suite of decoders, including ones for USB.
catnip is a tiny network packet capturing tool that is not based on libpcap. When compiled and stripped, the binary is smaller than 20kiB. This makes it very suitable for embedded environments where a libpcap-based tool, typically 100kiB for just libpcap and 500kiB for tcpdump, would be simply too large. catnip is generally parameter compatible with tcpdump and what makes catnip stand out from other small packet capturing tools is that also supports BPF filtering.