A lightweight CLI tool for analyzing pcap files

Project description

PCAP Analyzer

This project is a lightweight, simple CLI tool written in Python that analyses .pcap files and offers insight into network traffic without the overhead of full packet inspection.


Introduction

Network administrators often need to quickly analyze .pcap files to understand traffic patterns, protocol usage, and network performance. Tools like Wireshark offer deep inspection but can be heavy and overkill for simple summaries.

PCAP Analyzer fills this gap by offering a lightweight, scriptable CLI tool that provides essential network insights without the overhead.

Features

Option                  Description
--printall              Shows all IP traffic as source → destination.
--showprotocols         Displays the number of packets per IP protocol (such as TCP, UDP, ICMP).
--toptalkers            Shows the top 5 most active sending IP addresses.
--throughput            Calculates total throughput in Mbps over the duration of the capture.
--data_packet_rtt       Measures average latency (RTT) between data packets and their ACKs.
--extract_dns_domains   Lists unique domains queried via DNS.
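
What a --toptalkers and --throughput style summary needs can be read from the capture's record headers and the first bytes of each frame. The block below is an added example, not the project's code: the function names are hypothetical, it handles only classic .pcap (not pcapng) with Ethernet and IPv4, and it assumes talkers are ranked by packet count and throughput uses on-the-wire lengths.

```python
import struct
from collections import Counter

def build_sample_pcap():
    """Constructed sample: classic pcap, Ethernet link type, three IPv4/UDP frames."""
    def frame(src, dst, payload_len):
        eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                         bytes(src), bytes(dst))
        return eth + ip + b"\x00" * payload_len
    pkts = [(0, frame((10, 0, 0, 1), (10, 0, 0, 2), 66)),
            (1, frame((10, 0, 0, 1), (10, 0, 0, 3), 66)),
            (2, frame((10, 0, 0, 2), (10, 0, 0, 1), 66))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for sec, data in pkts:
        out += struct.pack("<IIII", sec, 0, len(data), len(data)) + data
    return out

def summarize(pcap_bytes, top_n=5):
    """Return (top talkers by packet count, throughput in Mbps); assumptions as stated above."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    talkers, total_bytes, first_ts, last_ts = Counter(), 0, None, None
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        sec, usec, incl, orig = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])
        data = pcap_bytes[offset + 16:offset + 16 + incl]
        if len(data) < incl:
            break  # truncated final record: stop rather than misparse
        offset += 16 + incl
        ts = sec + usec / 1e6
        first_ts = ts if first_ts is None else first_ts
        last_ts = ts
        total_bytes += orig  # original length on the wire, not the captured length
        if len(data) >= 34 and data[12:14] == b"\x08\x00" and data[14] >> 4 == 4:
            talkers[".".join(map(str, data[26:30]))] += 1  # IPv4 source address
    duration = (last_ts - first_ts) if first_ts is not None else 0.0
    mbps = total_bytes * 8 / duration / 1e6 if duration > 0 else 0.0
    return talkers.most_common(top_n), mbps
```

The length check before slicing each record matters when the input is untrusted: a capture cut off mid-record ends the loop instead of yielding a short frame that would be misread as packet data.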

Non-functional Specifications

  • Performance: Analyze .pcap files up to 100MB in under 5 seconds on modern hardware.
  • Platform Support: Compatible with Windows, Linux, and macOS; requires Python 3.8 or higher.
  • Usability: Simple CLI with one-command execution; help available via --help flag.
  • Maintainability: Modular, clean codebase for easy future expansion.
  • Security: Only reads .pcap files; no packet modification or network interaction.

Installation

Option 1: Install from PyPI (Recommended for most users)

Install the latest stable version directly from PyPI:

pip install pcap-analyzer

Option 2: Install from GitLab (For contributors and advanced users)

Clone the repository:

git clone https://gitlab.fdmci.hva.nl/schiffd/pcap-analyzer
cd pcap-analyzer

Install dependencies:

pip install -r requirements.txt

Or with UV:

uv pip install .

Install development dependencies:

pip install -r dev-requirements.txt

Or with UV:

uv pip install .[dev]

Usage

If installed via pip, use the CLI command:

pcap-analyser --file <path/to/file.pcapng> [options]

If running directly from the source (GitLab):

python -m analyser --file <path/to/file.pcapng> [options]

Examples

Show the top talkers (most active IP addresses):

pcap-analyser --file capture.pcapng --toptalkers  # if installed via pip

or

python -m analyser --file capture.pcapng --toptalkers  # if running from source (GitLab)

Show all the used protocols:

pcap-analyser --file capture.pcapng --showprotocols  # if installed via pip

or

python -m analyser --file capture.pcapng --showprotocols  # if running from source (GitLab)

License

This project is licensed under the MIT License - see the LICENSE file for details.


Author

Daniël Schiffers
Amsterdam University of Applied Sciences
📧 daniel.schiffers@hva.nl

Download files

Source Distribution

pcap_analyzer-0.1.4.tar.gz (81.2 kB view details)

Uploaded Source

Built Distribution

pcap_analyzer-0.1.4-py3-none-any.whl (78.1 kB view details)

Uploaded Python 3

File details

Details for the file pcap_analyzer-0.1.4.tar.gz.

File metadata

  • Download URL: pcap_analyzer-0.1.4.tar.gz
  • Upload date:
  • Size: 81.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.3

File hashes

Hashes for pcap_analyzer-0.1.4.tar.gz
Algorithm Hash digest
SHA256 68d02a91346aa4483190be0e384a77ecd4afa021538172f3cded76caf8f5acc9
MD5 872282c043c52bdf5047473bcd539962
BLAKE2b-256 32c239eac785ff69b088170c4f0d9c292f60c08b28dc130816fceb27a9412ecd

File details

Details for the file pcap_analyzer-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: pcap_analyzer-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 78.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.3

File hashes

Hashes for pcap_analyzer-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 da4ffa8704f644ec31f3faa1358d4067133169d3beb46af3f7124fd9cce08071
MD5 2c0726986e0c79bec05099fcd36995fa
BLAKE2b-256 be7b29480f3df2560c0375bd3fd144d17730f52133f6c81c03d8b2015ab08dbc
