PCAP Support

Netcap supports reading both the PCAP and PCAP-ng formats from dumpfiles, thanks to the awesome gopacket library.

Use the net.capture tool to process dumpfiles and extract audit records.

A simple demonstration of generating audit records from a PCAP dump file, querying and displaying the collected information in various ways

asciicast

Read more about it in the documentation: PCAP Support.