{"id":25676553,"url":"https://github.com/elliotsecops/packet-capture","last_synced_at":"2025-07-12T14:38:03.630Z","repository":{"id":276479225,"uuid":"861535660","full_name":"elliotsecops/Packet-Capture","owner":"elliotsecops","description":"This script is designed to analyze network traffic captured in a .pcap file using the pyshark library. // Este script está diseñado para analizar el tráfico de red capturado en un archivo .pcap utilizando la librería pyshark. ","archived":false,"fork":false,"pushed_at":"2025-02-08T13:42:15.000Z","size":121,"stargazers_count":9,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-08T14:28:43.183Z","etag":null,"topics":["cybersecurity-engineering","ethical-hacking","network-engineering","python-hacking","security-analysis","wireshark"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elliotsecops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-23T04:55:56.000Z","updated_at":"2025-02-08T13:42:18.000Z","dependencies_parsed_at":"2025-02-08T14:38:55.512Z","dependency_job_id":null,"html_url":"https://github.com/elliotsecops/Packet-Capture","commit_stats":null,"previous_names":["elliotsecops/packet-capture"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elliotsecops%2FPacket-Capture","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elliotsecops%2FPacket-Capture/tags","releases_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elliotsecops%2FPacket-Capture/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elliotsecops%2FPacket-Capture/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elliotsecops","download_url":"https://codeload.github.com/elliotsecops/Packet-Capture/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240495413,"owners_count":19810608,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity-engineering","ethical-hacking","network-engineering","python-hacking","security-analysis","wireshark"],"created_at":"2025-02-24T14:34:54.025Z","updated_at":"2025-02-24T14:34:54.590Z","avatar_url":"https://github.com/elliotsecops.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"**Network Traffic Analysis Script**\n\n## Overview\n\nThis script is designed to analyze network traffic captured in a `.pcap` file using the `pyshark` library. 
The analysis results are then exported to a PDF report using the `reportlab` library.\n\n## Features\n\n- **Packet Analysis**: The script analyzes each packet in the `.pcap` file and extracts relevant information such as source and destination IP addresses, TCP/UDP ports, and DNS queries.\n- **PDF Report Generation**: The analysis results are saved in a PDF report named `network_analysis_report.pdf` located in the `docs` directory.\n- **Command-Line Interface**: Users can specify the `.pcap` file to analyze via the command line. If no file is specified, the script defaults to `data/network_capture.pcap`.\n\n## Prerequisites\n\nBefore running the script, ensure you have the following dependencies installed:\n\n- Python 3.x\n- `pyshark` library\n- `reportlab` library\n\nYou can install the required libraries using pip:\n\n```bash\npip install pyshark reportlab\n```\n\n## Directory Structure\n\nEnsure your directory structure looks like this:\n\n```\nPacket capture/\n├── docs/\n├── scripts/\n│   ├── analyze_traffic.py\n│   └── data/\n│       └── network_capture.pcap\n```\n\n## Usage\n\n### Running the Script\n\nTo run the script, navigate to the `scripts` directory and execute:\n\n```bash\npython analyze_traffic.py\n```\n\n### Specifying a Different `.pcap` File\n\nIf you want to specify a different `.pcap` file, you can do so by passing the filename as an argument:\n\n```bash\npython analyze_traffic.py another_capture.pcap\n```\n\nThis will look for `another_capture.pcap` in the `data` directory and generate a PDF report named `network_analysis_report.pdf` in the `docs` directory.\n\n### Output\n\nThe script will output the following:\n\n- A message indicating the file being analyzed.\n- A message indicating the completion of the analysis and the number of packets analyzed.\n- A message indicating the 
location of the generated PDF report.\n\n## Example Output\n\n```bash\nAnalizando archivo: data/network_capture.pcap\nAnálisis de red completado. Se analizaron 500 paquetes. Informe guardado como docs/network_analysis_report.pdf\n```\n\n## Code Overview\n\n### `analyze_packet` Function\n\nThis function analyzes a single packet and extracts relevant information such as:\n\n- Packet number and highest layer.\n- Source and destination IP addresses.\n- TCP/UDP source and destination ports.\n- TCP SYN packets.\n- Large UDP packets.\n- DNS queries.\n\nThe extracted information is then written to the PDF report.\n\n### `main` Function\n\nThis function orchestrates the analysis process:\n\n- It opens the specified `.pcap` file using `pyshark.FileCapture`.\n- It initializes the PDF report and sets the font.\n- It iterates over each packet in the capture file, calling `analyze_packet` for each packet.\n- It saves the PDF report to the `docs` directory.\n\n### Command-Line Interface\n\nThe script supports command-line arguments to specify the `.pcap` file to analyze. If no file is specified, it defaults to `data/network_capture.pcap`.\n\n### Dependency Issues\n\nIf you encounter issues with missing dependencies, ensure that both `pyshark` and `reportlab` are installed. You can install them using pip as described in the Prerequisites section.\n\n## Contributing\n\nFeel free to contribute to this project by submitting pull requests or reporting issues! Your contributions are welcome!\n\n## Acknowledgments\n\n- The `pyshark` library for network packet analysis.\n- The `reportlab` library for PDF generation.\n\n---\n\n# Network Traffic Analysis Script\n\n## Overview\n\nThis script is designed to analyze network traffic captured in a `.pcap` file using the `pyshark` library. The analysis results are then exported to a PDF report using the `reportlab` library. 
\n\n## Features\n\n- **Packet Analysis**: The script analyzes each packet in the `.pcap` file and extracts relevant information such as source and destination IP addresses, TCP/UDP ports, and DNS queries.\n- **PDF Report Generation**: The analysis results are saved in a PDF report named `network_analysis_report.pdf` located in the `docs` directory.\n- **Command-Line Interface**: Users can specify the `.pcap` file to analyze via the command line. If no file is specified, the script defaults to `data/network_capture.pcap`.\n\n## Prerequisites\n\nBefore running the script, ensure you have the following dependencies installed:\n\n- Python 3.x\n- `pyshark` library\n- `reportlab` library\n\nYou can install the required libraries using pip:\n\n```bash\npip install pyshark reportlab\n```\n\n## Directory Structure\n\nEnsure your directory structure looks like this:\n\n```\nPacket capture/\n├── docs/\n├── scripts/\n│   ├── analyze_traffic.py\n│   └── data/\n│       └── network_capture.pcap\n```\n\n## Usage\n\n### Running the Script\n\nTo run the script, navigate to the `scripts` directory and execute:\n\n```bash\npython analyze_traffic.py\n```\n\n### Specifying a Different `.pcap` File\n\nIf you want to specify a different `.pcap` file, you can do so by passing the filename as an argument:\n\n```bash\npython analyze_traffic.py another_capture.pcap\n```\n\nThis will look for `another_capture.pcap` in the `data` directory and generate a PDF report named `network_analysis_report.pdf` in the `docs` directory.\n\n### Output\n\nThe script will output the following:\n\n- A message indicating the file being analyzed.\n- A message indicating the completion of the analysis and the number of packets analyzed.\n- A message indicating the location of the generated PDF report.\n\n## Example Output\n\n```bash\nAnalyzing file: data/network_capture.pcap\nNetwork analysis completed. Analyzed 500 packets. 
Report saved as docs/network_analysis_report.pdf\n```\n\n## Code Overview\n\n### `analyze_packet` Function\n\nThis function analyzes a single packet and extracts relevant information such as:\n\n- Packet number and highest layer.\n- Source and destination IP addresses.\n- TCP/UDP source and destination ports.\n- TCP SYN packets.\n- Large UDP packets.\n- DNS queries.\n\nThe extracted information is then written to the PDF report.\n\n### `main` Function\n\nThis function orchestrates the analysis process:\n\n- It opens the specified `.pcap` file using `pyshark.FileCapture`.\n- It initializes the PDF report and sets the font.\n- It iterates over each packet in the capture file, calling `analyze_packet` for each packet.\n- It saves the PDF report to the `docs` directory.\n\n### Command-Line Interface\n\nThe script supports command-line arguments to specify the `.pcap` file to analyze. If no file is specified, it defaults to `data/network_capture.pcap`.\n\n### Dependency Issues\n\nIf you encounter issues with missing dependencies, ensure that both `pyshark` and `reportlab` are installed. You can install them using pip as described in the Prerequisites section.\n\n## Contributing\n\nFeel free to contribute to this project by submitting pull requests or reporting issues. Your contributions are welcome!\n\n## Acknowledgments\n\n- The `pyshark` library for network packet analysis.\n- The `reportlab` library for PDF generation.\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felliotsecops%2Fpacket-capture","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felliotsecops%2Fpacket-capture","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felliotsecops%2Fpacket-capture/lists"}