Jomon is a network forensics and passive sniffer tool. It monitors all incoming/outgoing network traffic, without the use of libpcap, and the processes that are generating this traffic.

It supports packet filtering by writing BPF assembly directly or writing in a higher level tcpdump syntax (tcpdump syntax has very limited support for now).

It uses a minimal set of libraries, libncurses for the UI and libGeoIP for geolocation (optional). The BPF scanner/lexical analyzer is made with the help of re2c.