Busted: A special BPF packet capture tool

Busted is a unique packet capture tool capable of capturing the full TCP/UDP stream of a IP session first using Berkley packet filter notation. Secondly, after capturing the stream, filters are optionally used to determine if the capture is kept or removed.

Busted makes easy work of capturing a specific IP or range of IP addresses, specific to certain ports and specific to the content desired. Perfect for forensic and investigation usage.