pic ?is short for PCAP ICMP Carver. It is?utility that was initially designed and developed during the evenings while attending a SANS Institute? http://www.sans.org/security-training/curriculums/forensics" style="margin: 0px; padding: 0px;">networking forensics ?class. In its current form,? pic ?is restricted to reading packet capture (pcap) files and just concentrates on the Internet Control Message Protocol (ICMP) network traffic.
The various options available allow one to specify which internal metadata one wishes to key on and filter out or to chain portions of packets together.
There are both Windows and Linux versions of? pic . Whether using either the 32 bit or 64 bit version of the tool, the internal architecture is geared toward (a) minimizing memory usage and (b) reading and analyzing very large pcap files that may exceed the 32 bit size restrictions. As a convenience option,? pic ?allows files to be piped in from standard input which allows one to process a number of pcap files in one run.