Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
A tool that provides a basic SQL-frontend to PCAP-files. Outputs JSON, CSV and XML and includes a build-in webserver with JSON-api and a nice looking AJAX GUI.
Branch: master
Pull request Compare This branch is 51 commits behind dotse:master.

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
collector_sample
html
pcap
src
AUTHORS
COPYING
ChangeLog
INSTALL
Makefile.am
Makefile.in
NEWS
README
aclocal.m4
config.guess
config.h.in
config.sub
configure
configure.ac
depcomp
install-sh
missing

README

PacketQ is a command line tool to run sql queries directly on pcap files.

However, PacketQ also contain a very simplistic webserver in order 
to inspect pcap files remotely and a simple prototype AJAX-based GUI.

Sample command lines:

	packetq -s "select * from dns limit 10" sample.pcap
	    
	    Retrives the 10 first packets containing dns information from the file "sample.pcap"

	packetq -d -p8080 -w html/ -r pcap/

	    Starts a webserver on port 8080 (-p8080) as a daemon (-d) servering files from the 
	    directory html/ (-w html/) and pcapfiles from the directory pcap/ (-r pcap/).

To install: download and unpack the source from: 
https://github.com/dotse/PacketQ/tarball/master, 
then type "./configure; make; make install"

Pre-compiled binaries for Mac OS can be found at: 
https://github.com/downloads/dotse/PacketQ/packetq_macosx_binary.gz

More information is provided in our wiki on https://github.com/dotse/packetq/wiki
We also have a public mailing-list at http://lists.iis.se/mailman/listinfo/packetq

A short demo-video of PacketQs capabilities is available on http://www.youtube.com/watch?v=70wJmWZE9tY

License and terms for use and redistribution is here https://github.com/dotse/PacketQ/blob/master/COPYING
Something went wrong with that request. Please try again.