{"id":20010201,"url":"https://github.com/activecm/pcap-stats","last_synced_at":"2025-05-04T20:30:45.333Z","repository":{"id":38412532,"uuid":"397401830","full_name":"activecm/pcap-stats","owner":"activecm","description":"Learn about a network from a pcap file or reading from an interface","archived":false,"fork":false,"pushed_at":"2024-04-06T18:35:40.000Z","size":282,"stargazers_count":29,"open_issues_count":1,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-30T22:41:58.722Z","etag":null,"topics":["network-analysis","pcap","python","python3","scapy","traffic-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/activecm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-17T22:03:12.000Z","updated_at":"2025-04-29T15:09:55.000Z","dependencies_parsed_at":"2022-08-25T02:00:51.114Z","dependency_job_id":null,"html_url":"https://github.com/activecm/pcap-stats","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/activecm%2Fpcap-stats","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/activecm%2Fpcap-stats/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/activecm%2Fpcap-stats/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/activecm%2Fpcap-stats/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/activecm","download_url":"https://codeload.github.com/activecm/pcap-stats/tar.gz/refs/heads/m
ain","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252395179,"owners_count":21740978,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["network-analysis","pcap","python","python3","scapy","traffic-analysis"],"created_at":"2024-11-13T07:18:49.705Z","updated_at":"2025-05-04T20:30:44.873Z","avatar_url":"https://github.com/activecm.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pcap-stats\n\nLearn about a network from a pcap file or reading from an interface. \nThis tool focuses on the traffic types with the largest number of packets\nor bytes, allowing you to identify traffic spikes, DOS or DDOS attacks,\nbandwidth hogs, and unwanted servers on your network.  For each line of\nstatistics we include the number of packets, the number of bytes, the\nassociated BPF to show just this traffic, and one or more hints as to\nwhat this traffic might be (including the ports used, hostnames and\nnetbios names, and address type details).\n\n\"Traffic types\" include IP and physical layers, protocol layers, TCP\nflags, ICMP types, TCP and UDP ports, individual IP addresses, hostnames,\nand netbios names.  
Hostnames and netbios names are cached between runs.\n\n# Quickstart\n- If you don't have pip3 installed, install it with\n```sudo apt install python3-pip``` or ```sudo yum install python3-pip```\n- Install scapy with\n```sudo pip3 install scapy```\n- Analyze a pcap file with\n```./pcap_stats.py -r pcap_file_name.pcap | less -S```\n- Analyze packets coming in on a network interface with\n```sudo ./pcap_stats.py -i eth0 -c 10000 | less -S```\n- To create an HTML page of output\n```./pcap_stats.py -r pcap_file_name.pcap -f html \u003epcap_stats.html```\n- To see the other available options, run ```./pcap_stats.py -h```\n\n\n# Tools\n- In the text format, to see just the lines with more than 4000 packets:\n```cat output.txt | awk '$1 \u003e 4000 {print}' | less```\n\n- In the text format, to sort the output so the most common traffic is at the bottom:\n```cat output.txt | sort -n | less```\n\n- In the text format, to sort the output so the most common traffic is at the top:\n```cat output.txt | sort -nr | less```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factivecm%2Fpcap-stats","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Factivecm%2Fpcap-stats","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factivecm%2Fpcap-stats/lists"}