packrat-cli 1.0.0

🐀 A clean, human-readable CLI packet analyzer for .pcap files

packrat 🐀

Packrat is an open source command-line packet analyzer that takes the pain out of reading raw .pcap files. Packrat gives you a clean, colorized summary of IP conversations, protocol breakdowns, and traffic detection.

After using tshark I just wanted something simpler. Something I could run and immediately understand what's happening in a capture without digging through documentation for flags.

If you are using this tool and have any suggestions, feel free to open an issue or reach out!

Screenshot

features

• Protocol breakdown — TCP, UDP, DNS, HTTP, HTTPS, SSH, FTP, SMTP, IMAP, ARP
• Top IP addresses with hostname resolution and color coding
• DNS query analysis with top domains
• TLS/HTTPS handshake detection
• Anomaly detection — port scans, ARP floods, DNS tunneling, FTP plaintext
• Export to JSON, HTML, or TXT

NOTE

Packrat reports HTTP at the packet level, not the transaction level. What this means is that since there is no TCP reassembly, A single HTTP request/response may span multiple packets. This can lead to a higher number of packets according to Wireshark or other Networking tools.

That being said, use Packrat for convenience not pin point accuracy.