PCAP

Extracts selected elements from network packet capture data: capture time, the number of bytes observed and captured, source and destination MAC and IP addresses, link-layer PDU type, network layer protocol, TCP flags, TTL.

output type: captureTime TIMESTAMP, captureLen INTEGER, wireLen INTEGER, src and dst MACADDR, type INTEGER, ipSrc and ipDst IPSOCKET, ipProto, tcpFlag and ttl INTEGER.
quantifier: none
configuration: bigEndian = true specifies big-endian file format. Default false.

Example 45:

LIST('s3://spectx-docs/formats/binary/pcap/file.pcap') | parse(pattern:'PCAP') | limit(4);

Returns:

captureTime          captureLen  wireLen  src                dst                type  ipSrc               ipDst               ipProto  tcpFlag  ttl
2017-01-18 09:15:55  78          78       6c-40-08-98-54-7e  90-72-40-03-3a-73  8     192.168.1.2:59873   217.146.76.69:8389  6        64       64
2017-01-18 09:15:55  74          74       90-72-40-03-3a-73  6c-40-08-98-54-7e  8     217.146.76.69:8389  192.168.1.2:59873   6        0        60
2017-01-18 09:15:55  66          66       6c-40-08-98-54-7e  90-72-40-03-3a-73  8     192.168.1.2:59873   217.146.76.69:8389  6        64       64
2017-01-18 09:15:55  338         338      6c-40-08-98-54-7e  90-72-40-03-3a-73  8     192.168.1.2:59873   217.146.76.69:8389  6        64       64
2017-01-18 09:15:55  66          66       90-72-40-03-3a-73  6c-40-08-98-54-7e  8     217.146.76.69:8389  192.168.1.2:59873   6        0        60
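
The fields listed in the description map onto the classic pcap record header and the Ethernet, IPv4 and TCP headers as shown in the following Python code. It is an added example, not SpectX's implementation and not part of the original documentation. Assumptions: `parse_pcap` and `sample_pcap` are hypothetical names, the sample capture is constructed, byte order is detected from the file's magic number instead of a `bigEndian` option, and `type` is the EtherType read in network byte order.

```python
import socket
import struct

MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def parse_pcap(data):
    """Return one dict per record of a classic pcap byte string (Ethernet only)."""
    # The writer's byte order is whichever one makes the first 4 bytes read as MAGIC.
    for e in "<>":
        if struct.unpack_from(e + "I", data, 0)[0] == MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(e + "I", data, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    rows, off = [], 24
    while off + 16 <= len(data):
        sec, usec, cap_len, wire_len = struct.unpack_from(e + "4I", data, off)
        frame = data[off + 16 : off + 16 + cap_len]
        off += 16 + cap_len
        if len(frame) < cap_len:
            break  # file ends in the middle of a record
        row = {"captureTime": sec + usec / 1e6, "captureLen": cap_len, "wireLen": wire_len}
        if cap_len >= 14:  # Ethernet header: dst MAC, src MAC, EtherType
            row.update(dst=frame[0:6].hex("-"), src=frame[6:12].hex("-"),
                       type=struct.unpack_from("!H", frame, 12)[0])
        if row.get("type") == 0x0800 and cap_len >= 34:  # whole fixed IPv4 header captured
            ip_src, ip_dst = (socket.inet_ntoa(frame[i:i + 4]) for i in (26, 30))
            l4 = 14 + (frame[14] & 0x0F) * 4  # IHL gives the start of the TCP header
            row.update(ttl=frame[22], ipProto=frame[23], ipSrc=ip_src, ipDst=ip_dst)
            if frame[23] == 6 and cap_len >= l4 + 14:  # TCP captured up to the flags byte
                sport, dport = struct.unpack_from("!HH", frame, l4)
                row.update(ipSrc=f"{ip_src}:{sport}", ipDst=f"{ip_dst}:{dport}",
                           tcpFlag=frame[l4 + 13])
        rows.append(row)
    return rows

def sample_pcap(e):
    """Constructed input: one TCP SYN frame, 60 bytes on the wire, 54 captured."""
    eth = bytes.fromhex("907240033a73" "6c400898547e" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.2"), socket.inet_aton("203.0.113.5"))
    tcp = struct.pack("!HHIIBBHHH", 59873, 8389, 0, 0, 0x50, 0x02, 1024, 0, 0)
    frame = eth + ip + tcp
    return (struct.pack(e + "IHHiIII", MAGIC, 2, 4, 0, 0, 54, 1)
            + struct.pack(e + "4I", 1484730955, 0, len(frame), 60) + frame)

if __name__ == "__main__":
    print(parse_pcap(sample_pcap(">")))
```

Only the pcap file and record headers follow the writer's byte order; the packet bytes themselves are always in network order, so the same frame yields the same row from either file variant.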