<img src="https://github.com/user-attachments/assets/46a5c546-7e9b-42c7-87f4-bc8defe674e0" width=250 />DuckDB PCAP Community Extension
This experimental Rust extension allows reading PCAP files from DuckDB using the pcap-parser crate.
Experimental: USE AT YOUR OWN RISK!
📦 Installation
INSTALL pcap_reader FROM community;
LOAD pcap_reader;
Example
D SELECT * FROM pcap_reader('test/test.pcap') LIMIT 3;
┌─────────────────────┬────────────────┬────────────────┬──────────┬──────────┬──────────┬────────┬──────────────────────────────────────────┐
│      timestamp      │     src_ip     │     dst_ip     │ src_port │ dst_port │ protocol │ length │                 payload                  │
│      timestamp      │    varchar     │    varchar     │  int32   │  int32   │ varchar  │ int32  │                 varchar                  │
├─────────────────────┼────────────────┼────────────────┼──────────┼──────────┼──────────┼────────┼──────────────────────────────────────────┤
│ 2024-12-06 19:30:2… │ xx.xx.xx.xxx   │ yyy.yyy.yy.yyy │    64078 │     5080 │ UDP      │    756 │ INVITE sip:810442837619024@yyy.yyy.yy.y… │
│ 2024-12-06 19:30:2… │ yyy.yyy.yy.yyy │ xx.xx.xx.xxx   │     5080 │    64078 │ UDP      │    360 │ SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP … │
│ 2024-12-06 19:30:2… │ yyy.yyy.yy.yyy │ xx.xx.xx.xxx   │     5080 │    64078 │ UDP      │    909 │ SIP/2.0 480 Temporarily Unavailable\r\n… │
├─────────────────────┴────────────────┴────────────────┴──────────┴──────────┴──────────┴────────┴──────────────────────────────────────────┤
│ 3 rows                                                                                                                           8 columns │
└────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
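A triage query built on the columns shown above, as an added example that is not part of the extension's own documentation: it summarises SIP signalling per source/destination pair so that unusually high INVITE or failure counts stand out. It assumes the payload column holds the packet payload as text, as in the sample output; the CTE and alias names are illustrative.

```sql
-- Added example (not from the extension's repository).
-- Assumes: pcap_reader is installed and loaded, and payload is text as in
-- the sample output above. CTE/alias names are illustrative.
WITH sip AS (
    SELECT
        "timestamp" AS ts,
        src_ip,
        dst_ip,
        length,
        -- Request method: first token of a request line ("INVITE sip:...").
        -- regexp_extract returns '' when the pattern does not match.
        regexp_extract(payload, '^([A-Z]+) sips?:', 1) AS method,
        -- Status code of a response line ("SIP/2.0 480 ...").
        regexp_extract(payload, '^SIP/2\.0 (\d{3})', 1) AS status
    FROM pcap_reader('test/test.pcap')
    WHERE protocol = 'UDP'
      -- Keep only packets whose payload starts like a SIP request or response.
      AND (regexp_matches(payload, '^[A-Z]+ sips?:')
           OR regexp_matches(payload, '^SIP/2\.0 \d{3}'))
)
SELECT
    src_ip,
    dst_ip,
    count(*)                                              AS sip_packets,
    -- Requests are counted in the sender's direction.
    count(*) FILTER (WHERE method = 'INVITE')             AS invites,
    count(*) FILTER (WHERE method = 'REGISTER')           AS registers,
    -- Responses are counted in the responder's direction (4xx/5xx/6xx).
    count(*) FILTER (WHERE left(status, 1) IN ('4', '5', '6')) AS failures,
    min(ts)                                               AS first_seen,
    max(ts)                                               AS last_seen,
    sum(length)                                           AS total_bytes
FROM sip
GROUP BY src_ip, dst_ip
ORDER BY invites DESC, failures DESC;
```

Because requests and responses travel in opposite directions, a noisy caller shows up as one row with many invites and a mirrored row with many failures.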