Data analysis tools are the core of the NSM suite; these are the tools which actually detect and support analyses of intrusive activity. With the exception of the GUI_nsm, these are post-mortem tools to investigate data already saved to disk. In addition to analyzing data collected by one of the NSM’s data capture tools, these post-mortem tools can also analyze data collected by TCPdump. Support tools manipulate existing data to support further analysis and enable the other NSM tools. tcpdump_conv will convert data saved by the tcpdump program into data which can be analyzed by the NSM tools