Smart PCAP Analysis, branded in the CLI as PacketProbe, is a Python command-line tool for fast packet capture triage. It loads a .pcap file, summarizes IP activity, highlights top talkers, counts protocols, and reports packet size statistics in a clean terminal-friendly format.
- It turns raw packet captures into an approachable forensic summary.
- It balances beginner-friendly code with enough structure to discuss design decisions.
- It includes an example .pcap file so reviewers can run it immediately.
- It now includes a small automated test suite for the reporting logic.
- Total packet count
- Unique IP addresses
- Protocol distribution for TCP, UDP, ICMP, and Other
- Top 5 talkers by packet frequency
- Packet size statistics
```text
smart_pcap_analysis/
|-- pcap_analyser.py
|-- auto-install_requirements.py
|-- ipv4frags.pcap
|-- requirements.txt
|-- tests/
|-- assets/
|-- README.md
```
```bash
git clone https://github.com/Neth766/smart_pcap_analysis.git
cd smart_pcap_analysis
pip install -r requirements.txt
python pcap_analyser.py
```

To analyze a different packet capture:

```bash
python pcap_analyser.py path/to/capture.pcap
```

If you want a guided dependency bootstrap first:

```bash
python auto-install_requirements.py
```

Run the test suite:

```bash
python -m unittest discover -s tests
```

- Load a packet capture with Scapy.
- Inspect each packet for IP, TCP, UDP, or ICMP layers.
- Count communicating addresses and protocol usage.
- Compute packet size statistics.
- Print a concise report for quick human review.
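The steps above, sketched as an added example that is not the project's own code: it parses the classic pcap format with the standard library instead of Scapy so it runs without dependencies, and it handles only little-endian captures with Ethernet framing. The function names, the constructed sample capture, and the choice to count each packet toward both its source and destination are assumptions.

```python
import socket
import struct
from collections import Counter
from statistics import mean

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IPv4 protocol numbers

def summarize(pcap_bytes):
    """Summarize a classic little-endian pcap with Ethernet framing."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap_bytes, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap, Ethernet link type")
    talkers, protocols, sizes = Counter(), Counter(), []
    offset = 24  # size of the pcap global header
    while offset + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", pcap_bytes, offset)
        frame = pcap_bytes[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break  # truncated final record: stop rather than misparse
        sizes.append(orig_len)
        # Need Ethernet (14 bytes) plus a minimal IPv4 header (20 bytes).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            protocols["Other"] += 1
            continue
        protocols[PROTO_NAMES.get(frame[23], "Other")] += 1
        talkers[socket.inet_ntoa(frame[26:30])] += 1  # source (assumed: both ends count)
        talkers[socket.inet_ntoa(frame[30:34])] += 1  # destination
    return {"total": len(sizes), "unique_ips": len(talkers),
            "protocols": dict(protocols), "top_talkers": talkers.most_common(5),
            "sizes": (min(sizes), max(sizes), mean(sizes)) if sizes else None}

def _frame(src, dst, proto, payload_len, ethertype=0x0800):
    """Constructed Ethernet/IPv4 frame; checksums are left as zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + struct.pack("!H", ethertype) + ip + bytes(payload_len)

def build_sample_pcap():  # constructed capture, not real traffic
    frames = [_frame("10.0.0.1", "10.0.0.2", 6, 20), _frame("10.0.0.2", "10.0.0.1", 6, 40),
              _frame("10.0.0.1", "10.0.0.3", 17, 8), _frame("10.0.0.3", "10.0.0.1", 1, 8),
              _frame("10.0.0.1", "10.0.0.2", 6, 0, ethertype=0x0806)]
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        pcap += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return pcap

if __name__ == "__main__":
    print(summarize(build_sample_pcap()))
```

The last constructed frame carries a non-IPv4 EtherType, so it lands in the Other bucket and contributes to size statistics but not to the talker counts.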
- Why packet summaries are useful before deeper packet-by-packet analysis.
- The tradeoff between a fast CLI summary and a full-featured forensic GUI.
- How to refactor scripts into testable functions without overengineering them.
- How you would extend this into CSV export, graphs, or anomaly detection.
- Export reports to JSON or CSV.
- Add filter flags for protocol-specific analysis.
- Surface conversation pairs and flows.
- Add richer sample captures and regression tests.
This project is licensed under the MIT License. See LICENSE for details.