killabit.exe is a windows console utility that sniffs network traffic and shows you a brief report on bytes sent, organized by MAC address pairs (at layer 2), IP address pairs (layer 3) or IP:Port pairs (layer 4). It is intended as a quick and dirty "what is my traffic doing" rather than a fully featured network sniffer. In particular - it doesn't log or analyze the packets beyond what is necessary to increment the counter for the address pair that it is watching.
This was a quick and dirty write, and it shows if you look at the code.
Killabit uses the Pcap.Net .NET wrapper for WinPcap.
Usage: killabit [-l] [-i 1] [-w 5] [-2] [-3] [-4] [-c] [-t 10] [-h] [-v]
-l
--list
list available interfaces
-i 1
--interface 1
use specified numbered interface from list
-w 5
--wait 5
Wait X seconds between screen prints
-2
--layer2
collect data based on MAC address pairs
-3
--layer3
collect data based on IP address pairs
-4
--layer4
collect data based on IP address:port pairs
-c
--combine
combine matching pairs (ignore direction)
-t 10
--top 10
only display the top X pairs (by traffic)
-h
--help
-?
Display usage
-v
--version
print version and exit
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Started: Tuesday, April 18, 2017 6:06:38 PM Report at: 6 seconds. bytes % address pair ----- --- ------------ 5682 62% XX:XX:XX:DD:A6:BC <-> XX:XX:XX:7A:D8:B6 710 7% XX:XX:XX:96:A0:B2 <-> XX:XX:XX:FF:FF:FF 680 7% XX:XX:XX:2E:4D:AE <-> XX:XX:XX:FF:FF:FF 532 5% XX:XX:XX:86:4F:E4 <-> XX:XX:XX:7A:D8:B6 360 3% XX:XX:XX:CE:82:1D <-> XX:XX:XX:FF:FF:FF 287 3% XX:XX:XX:96:A0:B2 <-> XX:XX:XX:7A:D8:B6 262 2% XX:XX:XX:1C:98:87 <-> XX:XX:XX:FF:FF:FF 192 2% XX:XX:XX:52:10:4A <-> XX:XX:XX:00:00:00 120 1% XX:XX:XX:86:4F:E4 <-> XX:XX:XX:FF:FF:FF 103 1% XX:XX:XX:00:00:FB <-> XX:XX:XX:D5:1E:19 83 0% XX:XX:XX:00:00:FB <-> XX:XX:XX:D5:1E:19 60 0% XX:XX:XX:98:57:53 <-> XX:XX:XX:FF:FF:FF