espcap | Packet capture and indexing with Wireshark and Elasticsearch | Learning library

by vichargrave | Python | Version: Current | License: No License

kandi X-RAY | espcap Summary


espcap is a Python library typically used in Tutorial, Learning applications. espcap has no bugs, it has no vulnerabilities and it has low support. However espcap build file is not available. You can download it from GitHub.

Espcap is a program that uses tshark to capture packets live from a network interface or from PCAP files and index them in Elasticsearch. Espcap runs only on Python 3.x. For those of you who used Espcap previously, note I deleted that repo and replaced it with this one when I decided to move away from Pyshark for packet capture. This version of Espcap is lighter weight since it has far fewer module dependencies.

Support

              espcap has a low active ecosystem.
              It has 19 star(s) with 5 fork(s). There are 4 watchers for this library.
              It had no major release in the last 6 months.
              There are 2 open issues and 2 have been closed. On average issues are closed in 38 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of espcap is current.

Quality

              espcap has 0 bugs and 0 code smells.

Security

              espcap has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              espcap code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

License

              espcap does not have a standard license declared.
              Check the repository for any license declaration and review the terms closely.
              Without a license, all rights are reserved, and you cannot use the library in your applications.

Reuse

              espcap releases are not available. You will need to build from source code and install.
espcap has no build file. You will need to create the build yourself to build the component from source.
              Installation instructions, examples and code snippets are available.
              espcap saves you 66 person hours of effort in developing the same functionality from scratch.
              It has 172 lines of code, 12 functions and 3 files.
              It has high code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed espcap and discovered the below as its top functions. This is intended to give you an instant insight into espcap implemented functionality, and help decide if they suit your requirements.
            • Parse command line
            • Remove index line from line
            • Build command to run
• List all network interfaces
            • Set the SIGTERM signal handler

            espcap Key Features

            No Key Features are available at this moment for espcap.

            espcap Examples and Code Snippets

            No Code Snippets are available at this moment for espcap.

            Community Discussions

            QUESTION

            Specify multiple patterns in Select-string
            Asked 2019-Jul-25 at 22:38

I cannot properly format my select-string so that I can use multiple patterns. I am also trying to escape the \'s in my pattern. It's using a directory path.

            These are the patterns I need to search for:

            ...

            ANSWER

            Answered 2019-Jul-25 at 22:38

Presuming that you want only the 4 lines that match those 4 path\file names AND have "Successfully FTPed file" in the line, this seems to work. [grin]

            Source https://stackoverflow.com/questions/57206583

            QUESTION

            Analyzing packet captures: What is the right approach
            Asked 2017-Nov-10 at 04:41

            My goal is to build a packet capture analyzer:

            input: A pcap file (or any capture file). The file could have hundreds/thousands of packets.

            output: Bunch of information about the traffic streams

            ...

            ANSWER

            Answered 2017-Nov-09 at 08:36

I recommend you use Pyshark. This is a wrapper for tshark. It also supports all of tshark's filters, decoder libs, ... and is easy to use! This is a great package for parsing .pcap files and also live capturing.

            https://pypi.python.org/pypi/pyshark

            Source https://stackoverflow.com/questions/47197152

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install espcap

• Install Wireshark for your OS.
• Clone the Espcap repo then cd into the espcap directory.
• Optionally, activate your pipenv virtual environment: pipenv shell
• Install the required Python modules for Elasticsearch 7.x: pip install -r requirements-7.x.txt If you have Elasticsearch 6.x, use the requirements-6.x.txt file instead.
• Create the packet index template by running scripts/templates.sh as follows, specifying the node IP address and TCP port of your Elasticsearch instance (localhost:9200 in this example): scripts/packet_template-7.x.sh localhost:9200 If you are using Elasticsearch 6.x, run packet_template-6.x.sh instead.
• Set the tshark_path variable in the config/espcap.yml file. You can locate espcap.yml in one of 3 places: use the file directly from the config directory; copy it to the same directory where espcap.py and its related Python files reside; create the /etc/espcap directory and copy it there; or any other directory you want. However, if you don't use one of the previous options, you'll need to add the directory path to the list of config directories contained in the tshark.py file.
• cd into the src directory.
• Run espcap.py to index some packet data in Elasticsearch: espcap.py --file=test_pcaps/test_http.pcap --node=localhost:9200
• Run packet_query.sh as follows to check that the packet data resides in your Elasticsearch instance: scripts/packet_query.sh localhost:9200
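The two steps that matter most for running Espcap safely are locating espcap.yml and trusting the tshark_path it contains, since that value becomes the binary the tool executes. The following is an added example, not espcap's own code: it walks the four config locations the install notes list, reads tshark_path with a deliberately minimal line parser (espcap uses a YAML loader; the parser here only avoids a dependency), insists that the path is absolute and executable, and builds the tshark command as an argv list rather than a shell string. The tshark flags `-r` and `-T ek` are standard tshark options, but the exact flag set Espcap builds is not shown on this page, so treat that part as an assumption.

```python
"""Added example (not espcap's own code): resolve espcap.yml the way the
install notes describe, validate tshark_path, and build a non-shell tshark
argv for indexing one PCAP file.

Assumptions, all mine: the search order below mirrors the four locations in
the install notes; the config is read with a minimal parser for the single
key `tshark_path` (espcap itself uses a YAML loader); the tshark flags used
(`-r` read file, `-T ek` Elasticsearch JSON output) are standard tshark
options, but the flag set espcap builds is not shown on the page.
"""
import os
import shlex
from typing import Callable, List, Optional

CONFIG_NAME = "espcap.yml"


def config_search_dirs(script_dir: str, extra_dirs: Optional[List[str]] = None) -> List[str]:
    """Candidate directories in the order the install notes describe."""
    dirs = [
        os.path.join(script_dir, "..", "config"),  # use the file from config/ directly
        script_dir,                                 # copied beside espcap.py
        "/etc/espcap",                              # system-wide location
    ]
    dirs += list(extra_dirs or [])                  # "any other directory" the user adds
    return [os.path.normpath(d) for d in dirs]


def find_config(candidate_dirs: List[str],
                exists: Callable[[str], bool] = os.path.isfile) -> Optional[str]:
    """Return the first espcap.yml found; `exists` is injectable so the lookup
    can be exercised offline without touching the real filesystem."""
    for d in candidate_dirs:
        path = os.path.join(d, CONFIG_NAME)
        if exists(path):
            return path
    return None


def parse_tshark_path(config_text: str) -> Optional[str]:
    """Minimal parse of `tshark_path: <value>`; skips comments and blank lines.
    Note: a path containing '#' would be clipped by this simplified parser."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key.strip() == "tshark_path":
            value = value.strip().strip("'\"")
            return value or None
    return None


def validate_tshark_path(path: str,
                         is_exec: Callable[[str], bool] = lambda p: os.path.isfile(p)
                         and os.access(p, os.X_OK)) -> bool:
    """Accept only an absolute path to an executable. A relative or bare name
    would make the capture depend on the caller's working directory or PATH,
    so a stray binary could be run in place of the real tshark."""
    return os.path.isabs(path) and is_exec(path)


def build_tshark_argv(tshark_path: str, pcap_file: str) -> List[str]:
    """argv list (no shell involved), so a PCAP name containing spaces or
    shell metacharacters cannot smuggle in extra commands."""
    return [tshark_path, "-r", pcap_file, "-T", "ek"]


if __name__ == "__main__":
    here = os.path.dirname(os.path.abspath(__file__))
    cfg = find_config(config_search_dirs(here))
    if cfg is None:
        raise SystemExit(f"{CONFIG_NAME} not found in any configured directory")
    with open(cfg, encoding="utf-8") as fh:
        tshark = parse_tshark_path(fh.read())
    if tshark is None or not validate_tshark_path(tshark):
        raise SystemExit(f"tshark_path in {cfg} is missing or not an absolute executable")
    # Print the command that would run for the sample capture from the install notes.
    print(shlex.join(build_tshark_argv(tshark, "test_pcaps/test_http.pcap")))
```

Run from the src directory with a valid config present and it prints the tshark invocation for test_pcaps/test_http.pcap; with a missing or relative tshark_path it exits with a message instead of silently running whatever happens to be on PATH.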

            Support

• Python 3.7 (Python 2.7.x not supported)
• TShark 3.0.1 (included in Wireshark)
• Click module for Python
• Elasticsearch Python Client module 7.x
• Elasticsearch 7.x
            Find more information at:

            CLONE
          • HTTPS

            https://github.com/vichargrave/espcap.git

          • CLI

            gh repo clone vichargrave/espcap

          • sshUrl

            git@github.com:vichargrave/espcap.git
