描述
This program processes network packet capture files (pcap) you created by running a network packet capture program (e.g. wireshark, tcpdump) and extracts statistics. Process: 1. You choose one or more capture files. 2. You start the processing. 3. The program does the processing which can take a while, depending on the number and sizes of the input files. You can expect a processing speed of up to 100 MB/s, depending on the mass storage the input files are stored at. 4. You can browse the various statistical numbers in the UI and export some of them in CSV format to the clipboard for further processing (e.g. paste into Excel). Supports packet capture files in classic (pcap) and new (pcapng) file formats. The current version supports the following statistical numbers: - Layer 2 - General Ethernet Statistics - MAC/Ethernet Addresses: - Source addresses, Destination addresses, Multi-/Broadcast addresses - Ethernet frame size histogram - Linux Cooked Mode Statistics - Linux Cooked Mode frame size histogram - ARP: Packet counts - ARP: Extracted address mappings - PPPoE - PPPoE Discovery - General Stats - Access Concentrators List - List of Established PPPoE sessions - PPPoE Session - General Stats - LCP Stats - PAP Stats - IPv4: General Statistics - IPv4/IPv6: Address lists - Source addresses, Dest addresses, Source only addresses, Dest only addresses - each address with timestamps: first seen, last seen - lists can be filtered by address ranges (not yet for IPv6) - TCP: - Source and Dest ports used - DNS: - General Statistics - Queried Names (A record: IPv4) - Resolved Names (A record: IPv4) - Unresolved Names (A record) - Record Type counters - LOC records - DHCP: - Client MAC addresses - Host names - established DHCP configurations - TFTP - General Stats - File Transfers - HTTP (not HTTPS) - Request Targets (URLs) - Request User Agents - Response Status Codes - Server Software (extracted from Responses) - Content Types
This is the Plus version of PacketCaptureFileScanner with the following additional functions:
- IPv6 addresses extraction - MAC address manufacturer lookup in local database (not online) - Allows to export reports directly into HTML and PDF files with customizations.
We have plans for implementing more features in this application in the future.
Please send feedback or feature requests per e-mail to: [email protected] or [email protected]
or contact us on our discord server https://discord.gg/WaxjrBX
If you are interested in custom versions or source licenses, please contact us directly.