We developed tcpdstat to get summary information of a tcpdump file. tcpdstat reads a tcpdump file using the pcap library and prints the statistics of a trace. The output includes the number of packets, the average rate and its standard deviation, the number of unique source and destination address pairs, and the breakdown of protocols.
tcpdstat is intended to provide a rough idea of the trace content. The output can be easily converted to a HTTP format. It also provides helpful information to find anomaly in a trace. For example, if the traffic volume of ICMP is unusually large, or if the traffic volume of a specific address pair is unusually large, it could be a sign of some form of a DoS attack.