pcapdecode
Decodes the packets and outputs layer 4 metadata fields.
Syntax
pcapdecode
Description
After running the pcapdecode command, the output fields are as follows:
Field | Type | Description |
---|---|---|
src_mac | String | Source MAC address |
dst_mac | String | Destination MAC address |
vlan_id | Integer | VLAN ID |
protocol | String | esp, icmp, tcp, or udp |
src_ip | IP address | Source IP address |
src_port | Integer | Source port |
dst_ip | IP address | Destination IP address |
dst_port | Integer | Destination port |
payload | Binary | Packet payload |
Usage
# Download: https://raw.githubusercontent.com/logpresso/dataset/main/pcap/nslookup.pcap
| pcapfile /opt/logpresso/nslookup.pcap | pcapdecode
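To show where the output fields listed above sit in the packet bytes, the following added Python example (not Logpresso's implementation) decodes one constructed Ethernet/802.1Q/IPv4/UDP frame into a row with the same field names. The names `decode_frame`, `sample_frame` and `mac` are hypothetical, only IPv4 is handled, and keeping all layer 4 bytes as `payload` for icmp and esp is an assumption.

```python
import ipaddress
import struct

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp", 50: "esp"}  # IP protocol numbers

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def decode_frame(frame):
    """Map one Ethernet II / IPv4 frame to the table's fields; None if unparseable."""
    if len(frame) < 14:
        return None
    row = {"dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12]),
           "vlan_id": None, "src_port": None, "dst_port": None}
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag before the real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        row["vlan_id"], off = tci & 0x0FFF, 18    # low 12 bits of the tag are the VLAN ID
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4                 # IPv4 header length in bytes
    total = struct.unpack("!H", frame[off + 2:off + 4])[0]
    proto = PROTOCOLS.get(frame[off + 9])
    if proto is None or ihl < 20 or total < ihl or len(frame) < off + total:
        return None                               # declared lengths must fit the capture
    row.update(protocol=proto,
               src_ip=ipaddress.IPv4Address(frame[off + 12:off + 16]),
               dst_ip=ipaddress.IPv4Address(frame[off + 16:off + 20]))
    l4 = frame[off + ihl:off + total]             # total length trims Ethernet padding
    hdr = 0                                       # icmp/esp: no ports (assumption above)
    if proto in ("tcp", "udp"):
        minimum = 8 if proto == "udp" else 20
        if len(l4) < minimum:
            return None
        hdr = 8 if proto == "udp" else (l4[12] >> 4) * 4  # TCP data offset
        if hdr < minimum or hdr > len(l4):
            return None
        row["src_port"], row["dst_port"] = struct.unpack("!HH", l4[:4])
    row["payload"] = l4[hdr:]
    return row

def sample_frame():
    """Constructed frame: VLAN 100, UDP 53000 -> 53, two bytes of trailing padding."""
    data = b"constructed-payload"
    udp = struct.pack("!HHHH", 53000, 53, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    eth = bytes.fromhex("020000000002" "020000000001" "8100" "0064" "0800")
    return eth + ip + udp + b"\x00\x00"
```

Frames whose declared IP or TCP lengths exceed the captured bytes return `None` instead of a partial row, which keeps truncated or malformed captures from producing misleading port or payload values.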