Command-line application to convert network packets into JSON.
$ apt-get install -y libpcap-dev
$ go install
$ pj -help
-interface string
network interface to listen on (default "<FIRST_NON_LOOPBACK>")
-file string
pcap file to read packets from
-filter string
apply bpf filter to capture or pcap file
list network interfaces
capture in promiscuous mode
Start capturing packets on the default interface.
$ pj
Start capturing packets on the en0 interface.
$ pj -interface en0
Read packets from test.pcapng.
$ pj -file test.pcapng
Capture packets on the default interface, filtered using jq
to select packets that have a TCP layer.
$ pj | jq 'select(.tcp)'
Capture packets on the default interface, filtered using jq
to select packets that do NOT have a TCP layer (like DNS using UDP).
$ pj | jq 'select(.tcp == null)'
Capture packets on the default interface, filtered using jq
to select TCP packets with a destination port of 443 (HTTPS).
$ pj | jq 'select(.tcp.dst_port == 443)'
Capture packets on the default interface, filtered using jq
to select TCP packets with a destination port or source port of 22 (SSH).
$ pj | jq 'select(.tcp.dst_port == 22 or .tcp.src_port == 22)'
Capture packets on the default interface, filtered using jq
to select TCP RST packets.
$ pj | jq 'select(.tcp.rst)'
Capture packets on the default interface, filtered using jq
to select TCP FIN packets.
$ pj | jq 'select(.tcp.fin)'
Capture packets on the default interface, filtered using jq
to select TCP packets that contain an HTTP response.
$ pj | jq 'select((.tcp.payload // "") | startswith("HTTP/1.1"))'
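The jq filters above each pick out one kind of packet; the added example below (not part of pj itself) keeps state across the stream and tallies RST, FIN and HTTP/1.1 response counts per destination port, which is useful for spotting ports that mostly answer with resets. It assumes pj writes one JSON object per line and relies only on the tcp field names used in the filters above; the sample lines, including the "udp" key, are constructed.

```python
import json
import sys
from collections import defaultdict

# Constructed sample of pj output, one JSON object per line (assumed layout).
SAMPLE = """\
{"tcp": {"src_port": 50000, "dst_port": 443, "rst": false, "fin": false, "payload": ""}}
{"tcp": {"src_port": 50001, "dst_port": 22, "rst": true, "fin": false, "payload": ""}}
{"tcp": {"src_port": 50002, "dst_port": 22, "rst": true, "fin": false}}
{"tcp": {"src_port": 80, "dst_port": 50003, "rst": false, "fin": true, "payload": "HTTP/1.1 200 OK\\r\\n"}}
{"udp": {"src_port": 50004, "dst_port": 53}}
not json
"""


def summarize(lines):
    """Tally TCP packets, RSTs, FINs and HTTP/1.1 responses per destination port."""
    stats = defaultdict(lambda: {"packets": 0, "rst": 0, "fin": 0, "http_resp": 0})
    skipped = 0  # lines that were not valid JSON (e.g. log noise in the stream)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            pkt = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        tcp = pkt.get("tcp") if isinstance(pkt, dict) else None
        if not isinstance(tcp, dict):
            continue  # no TCP layer: same effect as jq 'select(.tcp)'
        row = stats[tcp.get("dst_port")]
        row["packets"] += 1
        row["rst"] += bool(tcp.get("rst"))
        row["fin"] += bool(tcp.get("fin"))
        payload = tcp.get("payload")
        # A missing or non-string payload is treated as "no HTTP response".
        if isinstance(payload, str) and payload.startswith("HTTP/1.1"):
            row["http_resp"] += 1
    return dict(stats), skipped


if __name__ == "__main__":
    # Read pj output from a pipe; fall back to the constructed sample on a terminal.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    stats, skipped = summarize(source)
    for port, row in sorted(stats.items(), key=lambda kv: -kv[1]["rst"]):
        print(port, row)
    print("unparseable lines:", skipped, file=sys.stderr)
```

Saved under a name of your choice (summarize.py here is hypothetical), it can be fed live traffic with `pj | python3 summarize.py` or a capture with `pj -file test.pcapng | python3 summarize.py`.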