Submitted by jelu on Tue, 05/23/2017 - 09:49


packetq is a command line tool to run SQL queries directly on PCAP files, the results can be outputted as JSON (default), formatted/compact CSV and XML. It also contain a very simplistic web-server in order to inspect PCAP files remotely. PacketQ was previously known as DNS2db but was renamed in 2011 when it was rebuilt and could handle protocols other than DNS among other things.

More information is provided in our README, FAQ, functions, and fields documentation.

A short demo-video of PacketQ's capabilities is available on

Distribution Packages

Packages for Debian, Ubuntu and RPM (CentOS, Fedora, RHEL, SLE and openSUSE) can be found here:


Here are the releases of PacketQ with the latest at the top, read about the changes in the changelog.

File Date Size
packetq-1.7.1.tar.gz June 2, 2022 940K
packetq-1.7.0.tar.gz April 13, 2022 939K
packetq-1.6.0.tar.gz March 10, 2022 933K
packetq-1.5.0.tar.gz November 5, 2021 927K
packetq-1.4.3.tar.gz Oct 23, 2020 925K
packetq-1.4.2.tar.gz Mar 2, 2020 917K
packetq-1.4.1.tar.gz Nov 9, 2017 917K
packetq-1.4.0.tar.gz Jul 11, 2017 914K
packetq-1.3.1.tar.gz Jun 02, 2017 913K
packetq-1.3.0.tar.gz May 23, 2017 912K

See sha256.txt or sha512.txt for checksums.

The software is licensed under the GNU General Public License v3.

Code Repositories

You can clone the code repositories from GitHub:

$ git clone