packetq

SQL-like query interface for analyzing PCAP network packet capture files

brewmacoslinux

Try with needOr install directly

About

SQL-like frontend to PCAP files

packetq

Display all packets with source and destination IPs$ packetq -r capture.pcap 'select src, dst from packets'

Count HTTP traffic by source IP address$ packetq -r capture.pcap 'select src, count(*) from packets where dport=80 group by src'

Show DNS queries and responses from a capture file$ packetq -r capture.pcap 'select src, dst, qname from dns'