packetsnitch
v1.6.797
A High Level Network Analysis Tool
Downloads
1,840
What is PacketSnitch?
PacketSnitch is a network packet analysis tool that combines a Python backend with an Electron frontend to help you explore and filter captured network traffic — no command line required after initial setup.
| Component | Description |
| --------- | ----------- |
| Backend | Python script (snitch.py) that parses .pcap files and extracts rich per-packet metadata into JSON |
| Frontend | Electron-based desktop application for loading, browsing, filtering, and visualizing traffic |
Key Features
- 📂 Load PCAP files — Point the backend at a capture, then explore interactively in the desktop app
- 🔍 Powerful filtering — Filter by port, country, entropy, MIME type, and more using dot-notation expressions
- 🌍 GeoIP integration — See source/destination locations with country, city, and timezone
- 📊 Payload analysis — Shannon entropy visualization, MIME type detection, hex dump with ASCII view
- 🤖 LLM summaries — Generate AI-powered analysis reports using Ollama
- 📑 Protocol decoding — DNS, HTTP, SSL/TLS, DHCP, NTP, SIP, and more
Quick Start
Installation
Download a pre-built release from the releases page:
- Windows: .exe installer
- Linux: .deb or .rpm packages
Launch the app with packetsnitch or click the desktop icon.
Basic Workflow
- Load PCAP — Click Load PCAP to run the backend on a .pcap file
- Browse packets — Use Prev / Next buttons or select a host from the dropdown
- Filter — Type expressions like tcp.dst.port:443 and press Enter
- Summarize — Click Summary for LLM-generated analysis (requires Ollama)
Documentation
- 🚀 Startup Docs — Quickstart Documentation
- 📖 Frontend Docs — UI reference, conversions, encryption, notes
- ⚙️ Backend Docs — snitch.py usage, arguments, output structure
- 🔎 Filter Reference — Complete filter keys, operators, examples
License
GNU GPLv3 — See LICENSE.md for details.
Author
Marshall Whittaker
