Metadata-Version: 2.4
Name: packrat-cli
Version: 1.1.2
Summary: 🐀 A clean, human-readable CLI packet analyzer for .pcap files
Home-page: https://github.com/MatthewArcaro/packrat
Author: Matthew Arcaro
Author-email: matthewarcaro@gmail.com
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: System :: Networking :: Monitoring
Description-Content-Type: text/markdown
Requires-Dist: scapy
Requires-Dist: rich
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: requires-dist
Dynamic: summary

# packrat 🐀

Packrat is an open source command-line packet analyzer that takes the pain out of reading raw .pcap files. Packrat gives you a clean, colorized summary of IP conversations, protocol 
breakdowns, and traffic detection.

After using tshark I just wanted something simpler. Something I could run and immediately understand what's happening in a capture without digging through documentation for flags.

If you are using this tool and have any suggestions, feel free to open an issue or reach out!

## install
```bash
pip install packrat-cli
```

## usage
```bash
# basic analysis
packrat capture.pcap

# filter by IP or protocol
packrat capture.pcap --filter 192.168.1.5
packrat capture.pcap --filter DNS

# export results
packrat capture.pcap --export json
packrat capture.pcap --export html
packrat capture.pcap --export txt

# skip DNS resolution (faster)
packrat capture.pcap --nd

# check version
packrat --version
```

## Screenshot
![packrat screenshot](https://raw.githubusercontent.com/MatthewArcaro/packrat/main/assets/packrat-sample.JPG)

## features
- Protocol breakdown — TCP, UDP, DNS, HTTP, HTTPS, SSH, FTP, SMTP, IMAP, ARP
- Top IP addresses with hostname resolution and color coding
- DNS query analysis with top domains
- TLS/HTTPS handshake detection
- Anomaly detection — port scans, ARP floods, DNS tunneling, FTP plaintext
- Export to JSON, HTML, or TXT

## changelog

### v1.1.0 (most recent)
- Added threat detection engine with rules for SYN flood, ICMP flood, UDP flood, port scan, and ARP scan
- Refactored codebase into layered architecture (core API, CLI, detection)

### v1.0.2
- Initial release



## NOTE 

    Packrat reports HTTP at the packet level, not the transaction level. What this means is that since there is no TCP reassembly, A single HTTP request/response may span multiple packets. This can lead to a higher number of packets according to Wireshark or other Networking tools.

    That being said, use Packrat for convenience not pin point accuracy. 
