The tool allows users to easily remove packages, handling dependencies and configuration files as needed. Additionally, PKTool provides a cleanup feature to remove unused packages, freeing up disk space and reducing system clutter.
Arguably the most powerful addition is FlowScript—a domain-specific language (DSL) embedded within pktool v2.0. FlowScript lets you write small scripts that run inside the capture engine, filtering, modifying, or alerting on flows in real time. Unlike tcpdump filters (BPF), which are stateless, FlowScript maintains session state.
Example FlowScript (detect port scans):
if (src_ip changes port every 1 sec)
alert("Potential SYN scan from $src_ip");
annotate(flow, "suspicious");
Scripts are compiled to bytecode at startup, ensuring zero-copy performance even at 10 Gbps line rates.
pktool monitor -i eth0
Shows: per‑protocol rates, top talkers, TCP flags, real‑time graphs.
Your corporate policy forbids plaintext passwords over the wire. Use pktool v2.0 in daemon mode with a FlowScript:
pktool v2.0 daemon --script plaintext_passwords.flw --alert-syslog
The script detects any POST request to /login with password= in the payload and immediately logs an alert to syslog. No human monitoring required.
Installing pktool v2.0 is straightforward, thanks to its availability in major package repositories.
No tool is perfect. As of v2.0, the following are acknowledged limitations:
The public roadmap for v2.1 (planned for Q4 2025) includes: