Tcpdstat is an old but useful tool for analyzing network-based evidence. Tcpdstat offers very helpful statistical information about packet captures, including start/finish timestamps (to identify the total duration of the packet capture), a breakdown by protocol/port, and the packet size distribution.
Tcpdstat is useful for analyzing network trace data because it gives a high-level overview, which can identify where to look next. For example, if quite a few packets show up for a protocol/port that isn't normally used on the victim machine, you've already been clued in on what to look for next at a lower level.
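As an added example (not code from the original page or from tcpdstat itself), the following Python script computes the same three kinds of statistics described above, capture duration, per-protocol/port packet counts and a packet-size histogram, from a classic pcap file. The capture it reads is constructed inline, and handling only IPv4 over Ethernet is an assumption of the example.

```python
import struct
from collections import Counter

def parse_pcap(data):
    """Yield (timestamp, caplen, frame) for each record of a classic pcap file."""
    if len(data) < 24:
        return
    magic, = struct.unpack("<I", data[:4])
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order is taken from the magic
    off = 24                                     # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, caplen, data[off:off + caplen]
        off += caplen

def classify(frame):
    """Label a frame 'tcp/<port>' or 'udp/<port>' using the lower port, as tcpdstat does."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # only IPv4 over Ethernet here
        return "other"
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    l4 = frame[14 + ihl:]
    if proto not in (6, 17) or len(l4) < 4:
        return {1: "icmp"}.get(proto, f"ip-proto-{proto}")
    sport, dport = struct.unpack("!HH", l4[:4])
    return f"{'tcp' if proto == 6 else 'udp'}/{min(sport, dport)}"

def summarize(data):
    """tcpdstat-style overview: capture duration, packets per proto/port, size histogram."""
    first = last = None
    by_proto, sizes = Counter(), Counter()
    for ts, caplen, frame in parse_pcap(data):
        first, last = (ts if first is None else first), ts
        by_proto[classify(frame)] += 1
        sizes[f"<={1 << max(5, (caplen - 1).bit_length())}"] += 1   # 32, 64, 128 ... buckets
    return {"duration": (last - first) if first is not None else 0.0,
            "by_proto": dict(by_proto), "sizes": dict(sizes)}

# Constructed sample capture (not real traffic): bare TCP/UDP headers, checksums left zero.
def make_frame(proto, sport, dport, payload=0):
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4) + b"A" * payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4
def make_pcap(records):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for ts, frame in records:
        out += struct.pack("<IIII", int(ts), round((ts % 1) * 1e6), len(frame), len(frame)) + frame
    return out
SAMPLE = make_pcap([(1000.0, make_frame(6, 51234, 80)), (1000.5, make_frame(6, 80, 51234, 1400)),
                    (1001.2, make_frame(17, 5353, 53)), (1010.0, make_frame(6, 41000, 9999))])
```

Running `summarize(SAMPLE)` on the constructed capture shows a 10-second window and one packet on an unexpected port, the kind of outlier the overview is meant to surface.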
Download and Instructions
See the External Links section below for a link with instructions on how to download and build Tcpdstat.