wader/fq
1
1
Fork 0
mirror of https://github.com/wader/fq.git synced 2024-11-26 21:55:57 +03:00
Code Issues Projects Releases Wiki Activity
29084e358e
fq/format/pcap/testdata/help_pcap.fqtest
Mattias Wadman 2c505feec8 help,markdown: Rewrote and made text rendering nicer 
Plan is to use it for man page etc and also some ansi renderer
2023-05-08 00:07:56 +02:00

21 lines
630 B
Plaintext
Raw Blame History

$ fq -h pcap
pcap: PCAP packet capture decoder
Decode examples
===============
# Decode file as pcap
$ fq -d pcap . file
# Decode value as pcap
... | pcap
Build object with number of (reassembled) TCP bytes sent to/from client IP
==========================================================================
# for a pcapng file you would use .[0].tcp_connections for first section
$ fq '.tcp_connections | group_by(.client.ip) | map({key: .[0].client.ip, value: map(.client.stream, .server.stream | tobytes.size) | add}) | from_entries'
{
"10.1.0.22": 15116,
"10.99.12.136": 234,
"10.99.12.150": 218
}
Reference in New Issue View Git Blame Copy Permalink