PacketQ: A Command Line Tool for SQL Queries on PCAP Files
PacketQ is a command line tool that enables users to execute SQL queries directly on PCAP files. It offers various output formats, including JSON, CSV, and XML, allowing for flexible data handling.
It features a straightforward web server
It features a straightforward web server that allows for remote file inspection. Additionally, it provides extremely fast native decoding of PCAP files, extensible protocol decoding, and supports various functions such as grouping, sorting, counting, and other SQL operations. It also includes a built-in DNS resolver function.
