A lightweight CLI tool for analyzing pcap files
Project description
PCAP Analyzer
This project is a lightweight, simple CLI tool written in Python designed to analyse .pcap files and offer insight in the network traffic without the overhead of full packet inspections.
Introduction
Network administrators often need to quickly analyze .pcap files to understand traffic patterns, protocol usage, and network performance. Tools like Wireshark offer deep inspection but can be heavy and overkill for simple summaries.
PCAP Analyzer fills this gap by offering a lightweight, scriptable CLI tool that provides essential network insights without the overhead.
Features
| Option | Description |
|---|---|
--printall |
Shows all IP traffic as source → destination. |
--showprotocols |
Displays the number of packets per IP protocol (such as TCP, UDP, ICMP). |
--toptalkers |
Shows the top 5 most active sending IP addresses. |
--throughput |
Calculates total throughput in Mbps over the duration of the capture. |
--data_packet_rtt |
Measures average latency (RTT) between data packets and their ACKs. |
--extract_dns_domains |
Lists unique domains queried via DNS. |
Non-functional Specifications
- Performance: Analyze
.pcapfiles up to 100MB in under 5 seconds on modern hardware. - Platform Support: Compatible with Windows, Linux, and macOS; requires Python 3.8 or higher.
- Usability: Simple CLI with one-command execution; help available via
--helpflag. - Maintainability: Modular, clean codebase for easy future expansion.
- Security: Only reads
.pcapfiles; no packet modification or network interaction.
Installation
Gitlab
Clone the repository:
git clone https://gitlab.fdmci.hva.nl/schiffd/pcap-analyzer
cd pcap-analyzer
Requirements
Install dependencies:
pip install -r requirements.txt
Or with UV:
uv pip install .
Include optional dependencies:
uv pip install .[dev]
Usage
Run:
python analyser.py --file <path/to/file.pcapng> [options]
Examples
Show the toptalkers (most active IP addresses):
python analyser.py --file capture.pcapng --toptalkers
Show all the used protocols:
python -m analyser --file capture.pcapng --showprotocols
License
This project is licensed under the MIT License - see the LICENSE file for details.
Author
Daniël Schiffers
Amsterdam University of Applied Sciences
📧 daniel.schiffers@hva.nl
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pcap_analyzer-0.1.0.tar.gz.
File metadata
- Download URL: pcap_analyzer-0.1.0.tar.gz
- Upload date:
- Size: 81.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d11ce781f45876864f4b650690a22cb99734c4c83762fb40692e983b5e5f2aac
|
|
| MD5 |
481c1e010a834a854b926ee67f45b711
|
|
| BLAKE2b-256 |
b2f6221afad03e7abd15eb1a3336e43fc04aeb5742f44bca7cc1d7065bfd1fb0
|
File details
Details for the file pcap_analyzer-0.1.0-py3-none-any.whl.
File metadata
- Download URL: pcap_analyzer-0.1.0-py3-none-any.whl
- Upload date:
- Size: 78.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
58d0a21d4e7207d56b397314adf8aa980cb12da23c3b9d60bf501bcde8842e7b
|
|
| MD5 |
4ce138533a599b1cc890999c5ef5674f
|
|
| BLAKE2b-256 |
c80fd6f0819d6b397f9935acd614f3487048a6f2b603fd5cebce09254c327a0d
|
