pcapdecode

Decodes the packets and outputs layer 4 metadata fields.

Syntax

pcapdecode

Description

After running the pcapdecode command, the output fields are as follows:

| Field | Type | Description |
|---|---|---|
| src_mac | String | Source MAC address |
| dst_mac | String | Destination MAC address |
| vlan_id | Integer | VLAN ID |
| protocol | String | esp, icmp, tcp, or udp |
| src_ip | IP address | Source IP address |
| src_port | Integer | Source port |
| dst_ip | IP address | Destination IP address |
| dst_port | Integer | Destination port |
| payload | Binary | Packet payload |
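
To show where each of the fields listed above sits in a raw frame, the following Python sketch decodes one Ethernet II / IPv4 frame into the same field names. It is an added example, not Logpresso's implementation. It assumes unfragmented IPv4, uses `None` for fields that do not apply, treats `payload` as the bytes after the layer 4 header, and runs on a constructed frame with documentation addresses.

```python
import ipaddress
import struct

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp", 50: "esp"}  # IANA protocol numbers

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def decode_frame(frame: bytes) -> dict:
    """Decode one unfragmented Ethernet II / IPv4 frame into the documented fields."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    row = {"dst_mac": _mac(frame[0:6]), "src_mac": _mac(frame[6:12]),
           "vlan_id": None, "src_port": None, "dst_port": None}
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == 0x8100:  # 802.1Q tag: low 12 bits of the TCI are the VLAN ID
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        row["vlan_id"], off = tci & 0x0FFF, 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        raise ValueError("not IPv4 or truncated IPv4 header")
    ihl = (frame[off] & 0x0F) * 4
    total_len, proto = struct.unpack_from("!H", frame, off + 2)[0], frame[off + 9]
    if ihl < 20 or total_len < ihl or len(frame) < off + total_len:
        raise ValueError("inconsistent IPv4 lengths")
    row["protocol"] = PROTOCOLS.get(proto)
    row["src_ip"] = str(ipaddress.IPv4Address(frame[off + 12:off + 16]))
    row["dst_ip"] = str(ipaddress.IPv4Address(frame[off + 16:off + 20]))
    l4 = frame[off + ihl:off + total_len]  # total_len excludes Ethernet padding
    if proto in (6, 17):
        min_hdr = 20 if proto == 6 else 8
        if len(l4) < min_hdr:
            raise ValueError("truncated TCP/UDP header")
        row["src_port"], row["dst_port"] = struct.unpack_from("!HH", l4)
        hdr = (l4[12] >> 4) * 4 if proto == 6 else 8  # TCP data offset or fixed UDP
        if not min_hdr <= hdr <= len(l4):
            raise ValueError("bad TCP data offset")
        l4 = l4[hdr:]
    row["payload"] = l4  # assumption: bytes after the layer 4 (or IP) header
    return row

def sample_frame() -> bytes:
    """Constructed frame: VLAN 100, UDP 192.0.2.10:53124 -> 192.0.2.53:53."""
    data = b"constructed-payload"
    udp = struct.pack("!HHHH", 53124, 53, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])) + udp
    eth = bytes.fromhex("020000000002" "020000000001" "8100" "0064" "0800")
    return eth + ip + b"\x00" * 4  # trailing bytes model Ethernet padding
```
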

Usage

# Download: https://raw.githubusercontent.com/logpresso/dataset/main/pcap/nslookup.pcap
| pcapfile /opt/logpresso/nslookup.pcap | pcapdecode