f18m/large-pcap-analyzer

A command-line utility program that performs some simple operations on PCAP files (Wireshark/tcpdump traces) very quickly. Allows you to manipulate very large PCAP files that cannot be easily handled with other software like Wireshark (or tshark). Supports filtering encapsulated GTPu frames. Easily extendible.

C++GPL-3.0

Issues

Readme minor fix
#20 opened 7 months ago by chinmayshr
0
Build fails on Ubuntu 23.04 because pcap_compile_nopcap is deprecated
#15 opened a year ago by Stealthmate
2
tcpdump like read pcap
#10 opened a year ago by championdot
4
Multiple String Filters
#6 opened 5 years ago by pavja2
1
The tcpdump-like filter fails to read and match linux cooked captures (with link type SLL)
#9 opened 3 years ago by beef9
4
Is there a way to get a list of the installed programs by analyzing the pcap file ?
#8 opened 4 years ago by minanagehsalalma
4
Would be nice to have an option to edit a single packet timestamp
#5 opened 5 years ago by f18m
1
build requires automake 1.15, which is not easily available on CentOS 7
#3 opened 6 years ago by ezonakiusagi
3
build fails on Fedora 26 Linux workstation
#2 opened 6 years ago by ezonakiusagi
3
Installation
#1 opened 7 years ago by Bugurr
1