Netcop is a network protocol analysis, detection & prevention system capable of performing packet logging and real-time traffic analysis on IP networks. Netcop is actively developed by Tritux.

Netcop is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).

Netcop performs real-time protocol analysis, content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, protocol floods (HTTP, SMPP and any other IP protocol), stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features.

Netcop can be used to inspect-and-inject data into IP packets, for example, it is possible to inject advertising texts into exchanged SMS or Emails between users.