forked from DNS-OARC/PacketQ
PacketQ is a command-line tool to run SQL queries directly on pcap files.
However, PacketQ also contains a very simplistic webserver in order
to inspect pcap files remotely and a simple prototype AJAX-based GUI.
Sample command lines:

    packetq -s "select * from dns limit 10" sample.pcap

Retrieves the first 10 packets containing DNS information from the file "sample.pcap".

    packetq -d -p8080 -w html/ -r pcap/

Starts a webserver on port 8080 (-p8080) as a daemon (-d), serving files from the
directory html/ (-w html/) and pcap files from the directory pcap/ (-r pcap/).

To install: download and unpack the source from:
https://github.com/dotse/PacketQ/tarball/master,
then type "./configure; make; make install"
Pre-compiled binaries for Mac OS can be found at:
https://github.com/dotse/PacketQ/raw/master/bin/macos/packetq.zip
More information is provided in our wiki on https://github.com/dotse/packetq/wiki
We also have a public mailing-list at http://lists.iis.se/mailman/listinfo/packetq
A short demo video of PacketQ's capabilities is available on http://www.youtube.com/watch?v=70wJmWZE9tY
License and terms for use and redistribution are here: https://github.com/dotse/PacketQ/blob/master/COPYING