T2 end report enables the user to rapidly assess the significance of large pcaps without even looking into the flows.

Specialized statistics files, such as Layer 2/3/4 protocol statistics, are generated to assess protocol anomalies before even looking into flows.

If you know and manage your network, the ICMP summary file reveals traffic anomalies useful for troubleshooting and security.

Want to get a quick overview of what's in your pcap? t2fm generates a nice PDF report with charts and tables summarizing important information such as IPs, ports, protocols, details about HTTP, HTTPS and DNS traffic, ...

Preprocessing for statistical traffic mining in encrypted voice communication, e.g. Skype, using pktSIATHisto plugin: packet size inter-arrival time distribution per flow. Also useful for multimedia developers who want to protect their application from mining attacks.

T2 in monitoring mode piped into t2rrd which feeds RRDtool.

AI based traffic mining using the 11 dimensional vectors of T2's descriptiveStats plugin. Our ESOM (Kohonen Network) classifies traffic and detects abnormal traffic, such as bot networks, automatically.

t2plot of a connection anomaly graph using srcIP versus connSip (connStat plugin) over time.

The script t2timeline produces flow graphs. Among other applications, they also help to assess the proper generation of training data. Both plots above should look alike, but do not... Somebody messed up the traffic production!

The Anteater supplies t2whois, a local Whois and Tor service for geolocation.

t2whois functions also as a local geolocation and Whois server also labeling Tor exit, guard and directory nodes.

Visual address mapping onto Google Maps.

The flexible flow aggregation scheme of T2 is dependent on the plugins being loaded and their configuration. In contrast to other tools, e.g., Bro/Zeek, it is AI friendly, mining compatible and directly exportable into tools such as SPSS, Excel, Rapid Miner or post processed via command line. Special anomaly flag enable efficient drill down to data carving.

L4/7 protocol plugins for specific troubleshooting, mining or anomaly detection. Several post processing scripts are provided to facilitate the analysis job for practitioners and researchers.

As a complement to TShark/Wireshark, T2 provides a performant command line and mining friendly packet mode which allows an easy correlation with flow and content data.

First thing in the morning Andy needs a good coffee which makes him boot.

He always is in contact with his core and discusses new features or requirements from users. During the transition to a new version Andy assures a smooth handover.

To discuss performance isssues an annual veteran meeting with all collaborators is held at an undisclosed location.

Sometimes he spaces out in the server room and sniffs traffic to train his anomaly detection and monitoring capabilities.

From time to time he self tests, debugs his code, reality checks the results and kicks our arses.

He hates us, when we feed him with all kinds of garbage and exploits crap. But that is the revenge for his arse kicking.

Andy sometimes elevates himself to get the big picture, inspiring new ideas for the T2 end report

To keep him in a good mood, he has ample access to fruits.

Reading research papers and communicating with universities Andy always sharpens his Encrypted Traffic Mining skills on real world packets.

Here, I caught him investigating my car. I guess he will go to automotive plugins in a short time order.

He is always interested in all aspects of aircraft technology and safety. At least no messy IP stuff in that airplane.

Always getting new ideas while sleeping.