A lightweight CLI tool for analyzing pcap files

PCAP Analyzer

This project is a lightweight, simple CLI tool written in Python, designed to analyse .pcap files and offer insight into network traffic without the overhead of full packet inspection.


Introduction

Network administrators often need to quickly analyze .pcap files to understand traffic patterns, protocol usage, and network performance. Tools like Wireshark offer deep inspection but can be heavy and overkill for simple summaries.

PCAP Analyzer fills this gap by offering a lightweight, scriptable CLI tool that provides essential network insights without the overhead.

Features

Option                   Description
--printall               Shows all IP traffic as source → destination.
--showprotocols          Displays the number of packets per IP protocol (such as TCP, UDP, ICMP).
--toptalkers             Shows the top 5 most active sending IP addresses.
--throughput             Calculates total throughput in Mbps over the duration of the capture.
--data_packet_rtt        Measures average latency (RTT) between data packets and their ACKs.
--extract_dns_domains    Lists unique domains queried via DNS.
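
As an added illustration (not the project's own code), this stdlib-only sketch shows how counts like those reported by --showprotocols and --toptalkers can be derived from a capture. It assumes a classic libpcap file with untagged Ethernet framing and IPv4; pcapng input is rejected, and the names summarize_pcap and build_sample are hypothetical.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IP protocol numbers


def summarize_pcap(data, top_n=5):
    """Return (packets per IP protocol, top_n sending IPs) for classic pcap bytes."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":      # magic 0xa1b2c3d4 written little-endian
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":    # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    # The link type sits in the last 4 bytes of the 24-byte global header.
    if len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    protocols, senders = Counter(), Counter()
    offset = 24
    while offset + 16 <= len(data):          # 16-byte per-record header
        caplen = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + caplen]  # slicing bounds a bogus caplen
        offset += 16 + caplen
        # Skip frames too short for Ethernet (14) + IPv4 (20) headers, and
        # anything that is not IPv4 (VLAN-tagged frames are skipped as well).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        ip = frame[14:]
        protocols[PROTO_NAMES.get(ip[9], str(ip[9]))] += 1
        senders[".".join(map(str, ip[12:16]))] += 1
    return protocols, senders.most_common(top_n)


def build_sample():
    """Constructed four-packet capture (made-up addresses) for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, proto in [((10, 0, 0, 1), 6), ((10, 0, 0, 1), 6),
                       ((10, 0, 0, 2), 17), ((10, 0, 0, 1), 1)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                         bytes(src), bytes([10, 0, 0, 9]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    protocols, talkers = summarize_pcap(build_sample())
    print(dict(protocols), talkers)
```

Captures come from untrusted networks, so the record length field is never trusted: a record claiming more bytes than the file holds is dropped rather than read past the buffer.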

Non-functional Specifications

  • Performance: Analyze .pcap files up to 100MB in under 5 seconds on modern hardware.
  • Platform Support: Compatible with Windows, Linux, and macOS; requires Python 3.8 or higher.
  • Usability: Simple CLI with one-command execution; help available via --help flag.
  • Maintainability: Modular, clean codebase for easy future expansion.
  • Security: Only reads .pcap files; no packet modification or network interaction.

Installation

Option 1: Install from PyPI (Recommended for most users)

Install the latest stable version directly from PyPI:

pip install pcap-analyzer

Option 2: Install from GitLab (For contributors and advanced users)

Clone the repository:

git clone https://gitlab.fdmci.hva.nl/schiffd/pcap-analyzer
cd pcap-analyzer

Install dependencies:

pip install -r requirements.txt

Or with UV:

uv pip install .

Include optional dependencies:

uv pip install .[dev]

Usage

If installed via pip, use the CLI command:

pcap-analyser --file <path/to/file.pcapng> [options]

If running directly from the source (GitLab):

python -m analyser --file <path/to/file.pcapng> [options]

Examples

Show the toptalkers (most active IP addresses):

pcap-analyser --file capture.pcapng --toptalkers  # if installed via pip

or

python -m analyser --file capture.pcapng --toptalkers  # if running from source (GitLab)

Show all the used protocols:

pcap-analyser --file capture.pcapng --showprotocols  # if installed via pip

or

python -m analyser --file capture.pcapng --showprotocols  # if running from source (GitLab)


License

This project is licensed under the MIT License - see the LICENSE file for details.


Author

Daniël Schiffers
Amsterdam University of Applied Sciences
📧 daniel.schiffers@hva.nl

Download files

Source Distribution

pcap_analyzer-0.1.3.tar.gz (81.8 kB)

Uploaded Source

Built Distribution

pcap_analyzer-0.1.3-py3-none-any.whl (78.1 kB)

Uploaded Python 3

File details

Details for the file pcap_analyzer-0.1.3.tar.gz.

File metadata

  • Download URL: pcap_analyzer-0.1.3.tar.gz
  • Upload date:
  • Size: 81.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.3

File hashes

Hashes for pcap_analyzer-0.1.3.tar.gz
Algorithm Hash digest
SHA256 f5c1a4a913f4c861023606915f7bf635e9bb346974ec92fb67234a5db4d87f34
MD5 3a67db8a313d9f24818e3023ad7e4aeb
BLAKE2b-256 8bd7e214569800d35f51929c222dad2e1b1b7f6365403ccce548c86046e34b18

File details

Details for the file pcap_analyzer-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: pcap_analyzer-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 78.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.3

File hashes

Hashes for pcap_analyzer-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 6317945532e735407b11e68955321262fadebe32726f5582f5093cb82a36b741
MD5 3ae1b9386625ef102280ca91bf78e3b7
BLAKE2b-256 0820e12b0408e8549cf3e295b8eec8b6543faac80d97a892f50bc44b12213fc3
