maride/pancap
1
0
Fork 0
mirror of https://github.com/maride/pancap.git synced 2024-11-22 08:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README

Browse Source
This commit is contained in:
maride 2023-09-04 22:16:11 +02:00
parent 21c956c545
commit c4a24d92d9
1 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -1,31 +1,35 @@
# pancap
<img alt="pancap logo" src="pancap.png" width="250px" height="250px"> <img alt="pancap logo" src="pancap.png" width="250px" height="250px">
# pancap
## Idea ## Idea
If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for example during a CTF or captured on your own, you usually have the problem of overlooking all the relevant information to get a basic idea of the capture file. This gets worse if the capture file includes lots of white noise or irrelevant traffic - often included in the capture file to cloak *interesting* packets in a bunch of packets to YouTube, Reddit, Twitter and others. If you get access to a [PCAP](https://en.wikipedia.org/wiki/Pcap) file, for example during a CTF or captured on your own, you usually have the problem of overlooking all the relevant information to get a basic idea of the capture file. This gets worse if the capture file includes lots of white noise or irrelevant traffic - often included in the capture file to cloak *interesting* packets in a bunch of packets to YouTube, Reddit, Twitter and others.
*pancap* addresses this problem. With multiple submodules, it analyzes the given PCAP file and extracts useful information out of it. In many cases, this saves you a lot of time and can point you into the right direction. *pancap* addresses this problem. With multiple submodules, it analyzes the given PCAP file and extracts useful information out of it. In many cases, this saves you a lot of time and can point you into the right direction.
## Features
- Support for different network protocols
- ARP: collect communication, identify switches and routers, detect [ARP spoofing](https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/arp-spoofing/).
- DHCP: analyze requests and responses, get an idea of the network setup
- DNS: collect hints of user actions and their OS
- HTTP: dump cleartext communication and embedded files
- Create [GraphViz](https://graphviz.org/) graphs out of network communication flow
## Usage ## Usage
Simply run Simply run
`go get github.com/maride/pancap` `go install github.com/maride/pancap@latest`
This will also build `pancap` and place it into your `GOBIN` directory - means you can directly execute it! This will build `pancap` and place it into your `GOBIN` directory - means you can directly execute it!
It might be required to install the `pcap` header files, e.g. for Ubuntu with `apt install libpcap-dev`.
In any use case, you need to specify the file you want to analyze, simply handed over to pancap with the `-file` flag. In any use case, you need to specify the file you want to analyze, simply handed over to pancap with the `-file` flag.
Example usage:
`pancap -file ~/Schreibtisch/mitschnitt.pcapng` `pancap -file ~/Schreibtisch/mitschnitt.pcapng`
This will give you a result similar to this:
[![asciicast](https://asciinema.org/a/x19gUpdnQoeUx498mPS0Grw6B.svg)](https://asciinema.org/a/x19gUpdnQoeUx498mPS0Grw6B)
## Benchmarks ## Benchmarks
Parsing an `n`GB big pcap takes `y` seconds: Parsing an `n`GB big pcap takes `y` seconds: