Being an extension of GNU AWK, PAWK has all the commandline options of GNU AWK, with a few extra of its own.
This option loads the shared library readpcap which has nearly all the functionalities provided by PAWK.
This option specifies the mode of the operation. There are two arguments: offline/live. In offline mode, one analyzes an existing packet capture file, and in live mode, one do online analysis of a on-going packet capture. Currently only offline mode is supported. Note that -a(--pcap) without any argument implies offline mode.
pawk -lreadpcap -a -f script pcap
pawk -lreadpcap -aoffline -f script pcap
pawk -lreadpcap --pcap -f script pcap
pawk -lreadpcap --pcap=offline -f script pcapscript is the path to the analysis code, and pcap is the path to the packet capture file.