Simple program to log canonical packet names for v47 of the protocol from a packet sample, i.e. PCAPNG. Reads a TSV value containing input data. Requires server private key (see data for patch) in order to decrypt the client-secret (or if captured fully client-side, directly provide the secret). Assumes server port is 25565.
i.e.
tshark -Y "tcp.payload > 0 and not tcp.analysis.retransmission and not tcp.analysis.out_of_order" -T fields -e frame.number -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.payload -r packets.pcapng | <this-program> <private-key-path>