Description

Tool for understanding and processing pcap (packet capture) expressions.

Caper is a tool for understanding and processing "pcap expressions" (also known as tcpdump filters) which are used for network packet analysis. Caper can be used for:

  • Expanding out pcap expressions "in full" to understand their implicit features.
  • Reasoning about whether two expressions accept the same set of packets, or how their accepted packets differ.
  • Converting pcap expressions into BPF programs.
  • Converting between pcap expressions and English.

More info can be found in the Caper paper (https://www.nik.network/caper/pcap_semantics.pdf).