The PCAP Analyzer Web Application is a powerful and user-friendly tool designed for network analysts, security professionals, and enthusiasts. It allows users to upload PCAP files for detailed analysis, providing insights through summaries and interactive data.
A video showing the demo of the application:
Run the script with the path to a .pcap file:
python port_scan_detect.py path/to/your/pcap/file.pcapUse the --full flag for a detailed report of the ports scanned:
python port_scan_detect.py path/to/your/pcap/file.pcap --fullThe script will display the following information tests/demo.gif:
- Closed Ports: Displays the number of closed ports for each IP.
- Scan Types: Lists the IP addresses and ports involved in Null, Xmas, and Half-Open scans.
- UDP Scan: Lists UDP scan attempts detected via ICMP responses.
- ICMP Echo Requests: Displays the source and destination IPs for ICMP Echo Requests.
*** Scanning started ***
**
*
Closed Ports:
IP source: 192.168.1.1 - Closed Ports Count: 6
Null Scan:
None
Xmas Scan:
None
Half-Open Scan:
IP source: 192.168.1.100
Found 1660 ports ***Please add --full flag to see full list of Ports***
UDP Scan:
None
ICMP Echo Requests:
Source/Destination
192.168.1.100 -> 192.168.1.103
- Python 3.6+
- pip (Python package installer)
- tshark (Part of Wireshark)
pip install -r requirements.txtAlternatively, manually install the packages:
pip install flask pyshark werkzeug-
Windows: Download and install Wireshark.
-
macOS:
brew install wireshark
-
Linux:
sudo apt-get install wireshark
Note: Ensure tshark is added to your system's PATH.
python app.pyNote: For production, use a WSGI server like Gunicorn or uWSGI.
Open your web browser and navigate to:
http://localhost:5001
- Upload: Click on "Select PCAP File" or drag and drop your file into the upload area.
- Analyze: The application will process the file and redirect you to the results page.
- View Results:
- Scan Summary: Shows results of various scans and analysis types.
- Interactive Data: Visualize protocol distribution and IP frequencies.
- Switch Theme: Use the toggle switch to switch between light and dark modes.
pcap-analyzer-web/
│
├── app.py
├── requirements.txt
├── templates/
│ ├── base.html
│ ├── upload.html
│ └── results.html
├── static/
│ ├── css/
│ │ ├── styles.css
│ │ └── dark_mode.css
│ ├── js/
│ │ └── main.js
├── uploads/
│ └── (Uploaded files stored here)
└── README.md
Contributions are welcome! Please follow these steps:
-
Fork the repository.
-
Create a new branch for your feature or bug fix:
git checkout -b feature/YourFeatureName
-
Commit your changes:
git commit -am 'Add new feature' -
Push to the branch:
git push origin feature/YourFeatureName
-
Open a Pull Request.
- Implementation: Users can drag files onto the designated area, which highlights upon file hover.
- Fallback: For browsers that don't support drag-and-drop, users can click to select files.
- Functionality: Visual feedback during file upload, showing percentage completion.
- Technical Details: Utilizes the
XMLHttpRequestAPI'sprogressevent.
- Purpose: Enhances navigation by showing the user's current position within the app.
- Implementation: Uses Bootstrap's breadcrumb component.
- Libraries Used: Chart.js for rendering charts.
- Charts Included:
- Protocol Distribution: Pie chart showing the percentage of each protocol.
- Source IP Frequencies: Bar chart displaying the number of packets from each source IP.
- Functionality: Enhances the packet details table with features like pagination, searching, and sorting.
- Implementation: Utilizes DataTables jQuery plugin.
If you encounter any issues or have suggestions for improvement, please open an issue on the GitHub repository or contact me directly.
This project is licensed under the MIT License - see the LICENSE file for details.
- GitHub: muhammadov-q
- Email: muhammadov_q@auac.kg
- Website: Kobiljon.Tech
Developed with ❤️ by Kobiljon Muhammadov