Somehow related - can't praise enough ntopng [1]. I've used it not only in the more traditional manner, as active traffic analysis, but also as a forensic tool, by passing it traffic capture files, and obtaining clear relationships and contributing end points apps and security issues. Highly recommend it.
Edit: Forgot the nprobe [2] (same author), allowing flow data creation and export, especially where L3 flow capable devices are not usable (e.g. intra-VLAN).
Just as a heads up if you wonder why your comment is gray and has a negative score.
HN really doesn't like or want comments saying "agree", "nice", "+1" etc., because they add nothing to the conversation. Just upvote a comment/post if you agree or like it :)
[1] https://www.ntop.org/products/traffic-analysis/ntop/
[2] https://www.ntop.org/products/netflow/nprobe/