Metadata-Version: 2.4
Name: pcap-analyzer
Version: 0.1.1
Summary: A lightweight CLI tool for analyzing pcap files
Home-page: https://github.com/schiffd/pcap-analyzer
Author: Daniël Schiffers
Author-email: Daniël Schiffers <daniel.schiffers@hva.nl>
Requires-Python: >=3.7
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: scapy<3.0.0,>=2.6.1
Requires-Dist: colorama<1.0.0,>=0.4.6
Requires-Dist: iniconfig<3.0.0,>=2.1.0
Requires-Dist: packaging<26.0,>=25.0
Requires-Dist: pexpect<5.0.0,>=4.9.0
Requires-Dist: pluggy<2.0.0,>=1.5.0
Requires-Dist: Strip<1.0.0,>=0.0.1.dev14
Provides-Extra: dev
Requires-Dist: pytest==8.3.5; extra == "dev"
Dynamic: author
Dynamic: home-page
Dynamic: license-file
Dynamic: requires-python

# PCAP Analyzer

This project is a lightweight, simple CLI tool written in Python that analyzes `.pcap` files and offers insight into network traffic without the overhead of full packet inspection.

---

## Introduction 
Network administrators often need to quickly analyze `.pcap` files to understand traffic patterns, protocol usage, and network performance. Tools like Wireshark offer deep inspection but can be heavy and overkill for simple summaries.

PCAP Analyzer fills this gap by offering a lightweight, scriptable CLI tool that provides essential network insights without the overhead.

## Features
| Option                  | Description                                                              |
|-------------------------|--------------------------------------------------------------------------|
| `--printall`            | Shows all IP traffic as source → destination.                            |
| `--showprotocols`       | Displays the number of packets per IP protocol (such as TCP, UDP, ICMP). |
| `--toptalkers`          | Shows the top 5 most active sending IP addresses.                        |
| `--throughput`          | Calculates total throughput in Mbps over the duration of the capture.    |
| `--data_packet_rtt`     | Measures average latency (RTT) between data packets and their ACKs.      |
| `--extract_dns_domains` | Lists unique domains queried via DNS.                                    |
---
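What `--extract_dns_domains` reports can be reproduced on raw DNS payloads with the standard library alone; because capture contents are untrusted, the name decoder bounds compression-pointer hops and skips malformed packets. This is an added example, not code from pcap-analyzer: `read_name`, `extract_dns_domains`, `build_query` and the `SAMPLE` packets are constructed for illustration and assume the UDP payloads have already been pulled out of the capture.

```python
import struct

def read_name(msg, off):
    """Decode the name at msg[off] -> (name, next offset); raises on malformed input."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]                    # IndexError if the name is truncated
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:                    # refuse pointer loops
                raise ValueError("compression pointer loop")
            resume = off + 2 if resume is None else resume
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length & 0xC0:                  # 0x40 / 0x80 label types are reserved
            raise ValueError("reserved label type")
        elif length == 0:                    # root label ends the name
            return ".".join(labels).lower(), (off + 1 if resume is None else resume)
        else:
            label = msg[off + 1:off + 1 + length]
            if len(label) != length:
                raise ValueError("truncated label")
            labels.append(label.decode("ascii", "backslashreplace"))
            off += 1 + length

def extract_dns_domains(payloads):
    """Sorted unique names asked for in DNS queries; malformed packets are skipped."""
    domains = set()
    for msg in payloads:
        try:
            _txid, flags, qdcount = struct.unpack_from("!HHH", msg, 0)
            if flags & 0x8000:               # QR bit set: a response, not a query
                continue
            off = 12                         # fixed DNS header length
            for _ in range(qdcount):
                name, off = read_name(msg, off)
                off += 4                     # skip QTYPE and QCLASS
                domains.add(name or ".")     # a root query is reported as "."
        except (struct.error, ValueError, IndexError):
            continue
    return sorted(domains)

def build_query(name, flags=0x0100):         # helper for the constructed sample below
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

SAMPLE = [build_query("example.com"), build_query("Example.COM"), build_query("mail.example.org"),
          build_query("reply.example.net", 0x8180),                 # response: ignored
          struct.pack("!6H", 7, 0x0100, 1, 0, 0, 0) + b"\xc0\x0c",  # name points at itself
          b"\x00\x01"]                                              # truncated header
```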
## Non-functional Specifications
- **Performance:** Analyze `.pcap` files up to 100MB in under 5 seconds on modern hardware.
- **Platform Support:** Compatible with Windows, Linux, and macOS; requires Python 3.8 or higher.
- **Usability:** Simple CLI with one-command execution; help available via `--help` flag.
- **Maintainability:** Modular, clean codebase for easy future expansion.
- **Security:** Only reads `.pcap` files; no packet modification or network interaction.
---
## Installation
### GitLab
Clone the repository:
```bash
git clone https://gitlab.fdmci.hva.nl/schiffd/pcap-analyzer
cd pcap-analyzer
```
### Requirements
Install dependencies:
```bash
pip install -r requirements.txt
```
Or with UV:
```bash
uv pip install .
```
Include optional dependencies:
```bash
uv pip install .[dev]
```
---
## Usage
Run:
```bash
python -m analyser --file <path/to/file.pcapng> [options]
```
---
## Examples
##### Show the top talkers (most active IP addresses):
```bash
python -m analyser --file capture.pcapng --toptalkers
```
![Demo --toptalkers](images/toptalkers.gif)
##### Show all the used protocols:
```bash
python -m analyser --file capture.pcapng --showprotocols
```
![Demo --showprotocols](images/showprotocols.gif)

---

## License

This project is licensed under the MIT License - see the [LICENSE](./LICENSE) file for details.

---
## Author
**Daniël Schiffers**  
Amsterdam University of Applied Sciences  
📧 [daniel.schiffers@hva.nl](mailto:daniel.schiffers@hva.nl)



