Firmware: 10790+
To get a list of unique IPv4 addresses in a PCAP and the number of times they occur in that PCAP in a human-friendly histogram:
cat my_packets.pcap | protoscope --ip=only | json2histo IPv4
# Or use stream_cat. Any standard output a.k.a. stdout will work:
sudo stream_cat my_packets | protoscope --ip=only | json2histo IPv4Example output:
IPv4 (77)
150.100.29.14 77 (0.381): ****************************************************************************************************
130.128.19.30 77 (0.762): ****************************************************************************************************
54.178.176.175 6 (0.792): *******
218.110.175.130 5 (0.817): ******
10.1.170.111 4 (0.837): *****
130.128.255.39 4 (0.856): *****
52.198.141.137 3 (0.871): ***
130.128.47.20 3 (0.886): ***
130.128.255.170 2 (0.896): **
158.201.245.222 1 (0.901): *
202.17.221.191 1 (0.906): *
114.29.205.129 1 (0.911): *
219.101.163.230 1 (0.916): *
10.1.39.105 1 (0.921): *
202.17.220.146 1 (0.926): *
10.1.38.39 1 (0.931): *
205.177.226.213 1 (0.936): *
130.128.255.82 1 (0.941): *
45.0.199.36 1 (0.946): *
45.1.80.136 1 (0.950): *
10.1.38.255 1 (0.955): *
130.128.55.8 1 (0.960): *
52.221.20.123 1 (0.965): *
112.106.253.12 1 (0.970): *
216.115.28.19 1 (0.975): *
202.17.220.169 1 (0.980): *
130.128.255.168 1 (0.985): *
133.243.238.82 1 (0.990): *
210.250.251.193 1 (0.995): *
45.0.205.22 1 (1.000): *To get only source IPv4 addresses, replace protoscope --ip=only with protoscope --ip.src=only and replace json2histo IPv4 with json2histo IPv4Src.
To get only destination IPv4 addresses, replace protoscope --ip=only with protoscope --ip.dst=only and replace json2histo IPv4 with json2histo IPv4Dst.
To get IPv6 addresses instead of IPv4 addresses, replace:
json2histo IPv4withjson2histo IPv6json2histo IPv4Srcwithjson2histo IPv6Srcjson2histo IPv4Dstwithjson2histo IPv6Dst