public tools:  passive -- (cont.)


tcpdpriv
like tcpdump for privacy-concerned
encodes IP addresses/ports/strip payload, etc
option to exit after N packets or M seconds
deals with pcap/tcpdump files, same bpf filter patterns.

tcptrace
post-processes tcpdump files
examines TCP sessions
measures RTT between endpoints
generates xplot input files (session dynamics)