pcap: Add forgotten help test

wader · May 1, 2023 · d6f785c · d6f785c
1 parent 9ba8c54
commit d6f785c
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/format/pcap/testdata/help_pcap.fqtest b/format/pcap/testdata/help_pcap.fqtest
@@ -0,0 +1,21 @@
+$ fq -h pcap
+pcap: PCAP packet capture decoder
+
+Decode examples
+===============
+
+  # Decode file as pcap
+  $ fq -d pcap . file
+  # Decode value as pcap
+  ... | pcap
+
+Build object with number of (reassembled) TCP bytes sent to/from client IP
+==========================================================================
+
+  # for a pcapng file you would use .[0].tcp_connections for first section
+  $ fq '.tcp_connections | group_by(.client.ip) | map({key: .[0].client.ip, value: map(.client.stream, .server.stream | tobytes.size) | add}) | from_entries'
+  {
+    "10.1.0.22": 15116,
+    "10.99.12.136": 234,
+    "10.99.12.150": 218
+  }