vichargrave / espcap Goto Github PK
View Code? Open in Web Editor NEWPacket capture and indexing with Wireshark and Elasticsearch
Home Page: https://vichargrave.github.io/programming/packet-capture-with-wireshark-and-elasticsearch/
espcap's Issues
Connection testing
Hi, this is less of an issue and more suggestion - I noticed if you fat finger the node address you have to wait until after data chunking etc before it errors out. I've added the following to the local repo I pulled down:
es = None
if node is not None:
es = Elasticsearch(node)
print("Testing elasticsearch connection")
if es.ping():
print("Ping success")
else:
print("Unable to ping elasticsearch instance on {}\nPlease check and try again".format(node))
sys.exit(1)
A nice clean / easy way to check for a connection issue early on.
I was going to open a PR, but I don't have permission, so raising it here.
Docker image
Is there some docker image to run this espcap+elasticsearch+kibaba?
Thanks
[ERROR] 'timestamp' - where is this error comming from?
Hey, I wonder if you have any idea about the problem I am facing:
root@debian:~/espcap# python3.7 src/espcap.py --file=test_pcaps/test_http.pcap --node=localhost:9200
Loading packet capture file(s)
test_pcaps/test_http.pcap
Running as user "root" and group "root". This could be dangerous.
[ERROR] 'timestamp'
[ERROR] [priority,] message string
Traceback (most recent call last):
File "src/espcap.py", line 77, in init_file_capture
helpers.bulk(client=es, actions=index_packets(capture=capture), chunk_size=chunk, raise_on_error=True)
File "/usr/local/lib/python3.7/site-packages/elasticsearch/helpers/actions.py", line 300, in bulk
for ok, item in streaming_bulk(client, actions, *args, **kwargs):
File "/usr/local/lib/python3.7/site-packages/elasticsearch/helpers/actions.py", line 212, in streaming_bulk
actions, chunk_size, max_chunk_bytes, client.transport.serializer
File "/usr/local/lib/python3.7/site-packages/elasticsearch/helpers/actions.py", line 63, in _chunk_actions
for action, data in actions:
File "/root/espcap/src/indexer.py", line 30, in index_packets
timestamp = int(packet['timestamp'])/1000
KeyError: 'timestamp'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "src/espcap.py", line 124, in main
init_file_capture(es=es, tshark=tshark, pcap_files=pcap_files, chunk=chunk)
File "src/espcap.py", line 81, in init_file_capture
syslog.syslog(syslog.LOG_ERR, e)
TypeError: [priority,] message string
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "src/espcap.py", line 141, in <module>
main()
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "src/espcap.py", line 136, in main
syslog.syslog(syslog.LOG_ERR, e)
TypeError: [priority,] message string
tshark: An error occurred while printing packets: Broken pipe.
The command I used:
python3.7 src/espcap.py --file=test_pcaps/test_http.pcap --node=localhost:9200
I issued the command from ~/espcap and my elk-stack (7.x) is running on localhost:9200.
I followed your installation-guide and did everything as you described.
Running on debian 9
count=0 never saves any packets
If I run:
python3 espcap.py --node=elasticsearch.vocinity.net:9200 --nic=eth1 --count=100 --bpf="udp port 5060"
Things work fine, but if I use --count=0 so I can leave it up, it never saves anything to elastic search.
error espcap.py
Hello,
Thanks for your work.
I need your help cause i got an issue when i run this command:
./espcap.py --file=/test_pcaps/test_http.pcap --node=localhost:9200
I have this error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.