enhanced tcpdump is needed

Are there any standard programs in Linux/Unix like tcpdump that store packets' headers in a DB (Berkeley DB is preferred, including secondary DBs to index stored headers by IP addresses, TCP flows, etc.), provide search in the DB and convert found headers to tcpdump dumpfile format?

Best way to get such support is to sponsor it ;-). Definitely I'm only making a recommendation for a solution. I do not work for money.

ha-ha, very funny

Hello Hitori,

What are you exactly trying to do.. what is the higher-level objective?

  • John

I just want to gather some statistics about packets that pass through the server

It seems to me that you could possibly leverage a router for this purpose instead? What kind of statistics?

  • John

We need to determine what (or who) makes problems with throughput on the server, and what influence changes in the tc configuration have on this.

Hmm, wonder if you want to "borrow" the source code for tcpdump and then enhance it with your functionality. Because I have only seen the "normal" tcpdump.

I've used the pcap lib from tcpdump, but I just thought there was an easier way to do this.

Personally I think that since you have already started to use the pcap lib, it would be a whole lot easier to code it and use it yourself, rather than going online to search for some shrink-wrap software.

It's simple to capture packets and store their headers in Berkeley DB with secondary DBs etc., but it's a lot of work to make some interface to search for information in this DB.
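
The design sketched in the question and in the post above (store only headers, index them by address and by TCP flow, search, and write the hits back out as a tcpdump dumpfile), as an added example that is not code from the original thread. It assumes SQLite (in Python's standard library) standing in for the Berkeley DB primary/secondary databases the poster prefers, and it reads and writes the classic pcap dumpfile format directly instead of calling libpcap, so it runs offline; the packets are constructed in `sample_capture()` and are not real traffic.

```python
"""Header store: parse a pcap dumpfile, keep only the Ethernet/IPv4/TCP headers in a
database with secondary indexes, search it, and export hits as a pcap dumpfile."""
import sqlite3
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # microsecond pcap, written in native byte order
LINKTYPE_ETHERNET = 1


def pcap_dumpfile(records):
    """records: iterable of (ts_sec, ts_usec, orig_len, captured_bytes).
    Returns bytes in the classic dumpfile format tcpdump -w writes and -r reads."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, orig_len, data in records:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(data), orig_len))
        out.append(data)
    return b"".join(out)


def parse_pcap(data):
    """Yield (ts_sec, ts_usec, orig_len, captured_bytes); honours the byte order the
    magic announces and refuses records that overrun the snaplen or the file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:        # file written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap dumpfile: magic %#x" % magic)
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        if incl_len > snaplen or pos + incl_len > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % pos)
        yield ts_sec, ts_usec, orig_len, data[pos:pos + incl_len]
        pos += incl_len


def header_fields(pkt):
    """(src, dst, proto, sport, dport, tcp_flags, header_len) for an Ethernet/IPv4/TCP
    frame, or None for anything else (the store simply skips those)."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None
    ihl = (pkt[14] & 0x0F) * 4
    proto, src, dst = pkt[23], socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
    l4 = 14 + ihl
    if proto != 6 or len(pkt) < l4 + 20:
        return None
    sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
    doff = (pkt[l4 + 12] >> 4) * 4        # TCP data offset, in bytes
    return src, dst, proto, sport, dport, pkt[l4 + 13], l4 + doff


class HeaderStore:
    """Primary table plus index on src, on dst and on the 5-tuple: the SQLite
    equivalent of a Berkeley DB primary DB with secondary DBs (assumption)."""
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.executescript("""
            CREATE TABLE IF NOT EXISTS hdr(id INTEGER PRIMARY KEY, ts_sec INTEGER,
                ts_usec INTEGER, orig_len INTEGER, src TEXT, dst TEXT, proto INTEGER,
                sport INTEGER, dport INTEGER, flags INTEGER, data BLOB);
            CREATE INDEX IF NOT EXISTS hdr_src ON hdr(src);
            CREATE INDEX IF NOT EXISTS hdr_dst ON hdr(dst);
            CREATE INDEX IF NOT EXISTS hdr_flow ON hdr(src, sport, dst, dport, proto);""")

    def ingest(self, pcap_data):
        """Store headers only (like a small tcpdump -s snaplen); return the count stored."""
        n = 0
        for ts_sec, ts_usec, orig_len, pkt in parse_pcap(pcap_data):
            f = header_fields(pkt)
            if f is None:
                continue
            src, dst, proto, sport, dport, flags, hlen = f
            self.db.execute("INSERT INTO hdr VALUES(NULL,?,?,?,?,?,?,?,?,?,?)",
                            (ts_sec, ts_usec, orig_len, src, dst, proto, sport, dport, flags, pkt[:hlen]))
            n += 1
        self.db.commit()
        return n

    def by_ip(self, ip):
        return self.db.execute("SELECT ts_sec, ts_usec, orig_len, data FROM hdr "
                               "WHERE src=? OR dst=? ORDER BY id", (ip, ip)).fetchall()

    def by_flow(self, a, ap, b, bp, proto=6):
        """Both directions of one connection."""
        return self.db.execute(
            "SELECT ts_sec, ts_usec, orig_len, data FROM hdr WHERE proto=? AND "
            "((src=? AND sport=? AND dst=? AND dport=?) OR (src=? AND sport=? AND dst=? AND dport=?)) "
            "ORDER BY id", (proto, a, ap, b, bp, b, bp, a, ap)).fetchall()

    def export(self, rows):
        """Search hits back to dumpfile bytes; orig_len keeps the true wire length."""
        return pcap_dumpfile(rows)


def build_tcp_packet(src, sport, dst, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for sample input; checksums left zero."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload


def sample_capture():
    """Constructed capture: a handshake plus one request 10.0.0.1 -> 10.0.0.2:80,
    and one unrelated SYN from 10.0.0.3 (not traffic from the original post)."""
    frames = [build_tcp_packet("10.0.0.1", 40000, "10.0.0.2", 80, 0x02),
              build_tcp_packet("10.0.0.2", 80, "10.0.0.1", 40000, 0x12),
              build_tcp_packet("10.0.0.1", 40000, "10.0.0.2", 80, 0x10, b"GET / HTTP/1.0\r\n\r\n"),
              build_tcp_packet("10.0.0.3", 5555, "10.0.0.2", 22, 0x02)]
    return pcap_dumpfile((1700000000, 1000 * i, len(f), f) for i, f in enumerate(frames))


if __name__ == "__main__":
    store = HeaderStore()
    store.ingest(sample_capture())
    hits = store.by_flow("10.0.0.1", 40000, "10.0.0.2", 80)
    with open("flow.pcap", "wb") as fh:
        fh.write(store.export(hits))
    print("%d headers written to flow.pcap; read them with: tcpdump -nr flow.pcap" % len(hits))
```

The exported file carries each packet's original length in `orig_len` and only the header bytes in the record, which is exactly what tcpdump produces with a short snaplen, so `tcpdump -nr flow.pcap` reads it and reports the truncation correctly. For the statistics the poster wants (who is eating throughput), the same `by_ip` query summed over `orig_len` gives bytes per host; on a live FreeBSD box the `sample_capture()` input would be replaced by a file from `tcpdump -w`, or by frames pulled from libpcap in the same loop.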

Hitori,

Not sure of the specific tool, but I would think there is something other than tcpdump that you could use to tie network utilization to processes, which you could then tie back to the users. Is this for one server or across an enterprise? What platform(s) does it need to work with?

  • John

1 server, FreeBSD