"Every packet hides a story. I give you the tools to decode it."
A weapons-grade PCAP (Packet Capture) analysis tool built for red teamers, cybersecurity researchers, and network analysts. This enhanced version provides comprehensive network traffic analysis with advanced visualization, geographic mapping, and security threat detection.
- Multi-Protocol Support: Ethernet, IP, IPv6, TCP, UDP, ARP, ICMP, DNS, HTTP, HTTPS
- Real-time Analysis: Live packet processing and visualization
- Geographic Mapping: IP geolocation with interactive maps
- Security Detection: SQL injection, XSS, brute force, and malware patterns
- Advanced Filtering: Protocol, source, destination, and packet length filtering
- Data Extraction: HTTP, SMTP, POP3, IMAP, FTP, Telnet data reconstruction
- Protocol Statistics: Comprehensive protocol distribution analysis
- Traffic Flow Analysis: Time-based traffic patterns and flow direction
- Packet Length Distribution: Statistical analysis of packet sizes
- Interactive Charts: Plotly, ECharts, and Folium-based visualizations
- Geographic Analysis: IP location mapping with traffic visualization
- Attack Pattern Detection: SQL injection, XSS, OS command injection signatures
- Anomaly Detection: Suspicious port activity and traffic patterns
- Brute Force Detection: Login failure analysis and attack identification
- Malware Indicators: Trojan and virus detection based on traffic patterns
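As an added illustration of what the packet decoder, protocol statistics, packet-length distribution and inbound/outbound flow features above compute, here is a stdlib-only Python example. It is not the project's own code (midstalker uses Scapy); it reads a classic libpcap file, decodes Ethernet/IPv4/TCP/UDP/ICMP headers and aggregates the counts. The five-packet capture is constructed inline, and the port-to-application mapping and the local network `192.168.1.0/24` are assumptions made for the example.

```python
"""Minimal libpcap reader with protocol, length and flow-direction statistics (stdlib only)."""
import struct
import ipaddress
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Assumption for this example: application label inferred from well-known ports only.
PORT_APPS = {80: "HTTP", 443: "HTTPS", 53: "DNS", 21: "FTP", 23: "Telnet", 25: "SMTP"}


def read_pcap(data: bytes):
    """Yield (timestamp, frame, original_length) for each record of a classic pcap file."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"            # little-endian writer
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"            # big-endian writer
    else:
        raise ValueError("not a classic pcap file (magic %r)" % magic)
    _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled, got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % off)
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame, orig_len


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet/IPv4/L4 headers into a flat dict; fields stay None when absent."""
    info = {"proto": "Other", "src": None, "dst": None, "sport": None, "dport": None}
    if len(frame) < 14:
        return info
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info["proto"] = ETHERTYPES.get(ethertype, "Other")
    if ethertype != 0x0800 or len(frame) < 34:
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return info             # malformed IHL: keep the frame as plain IPv4
    proto_num = ip[9]
    info["src"] = str(ipaddress.IPv4Address(ip[12:16]))
    info["dst"] = str(ipaddress.IPv4Address(ip[16:20]))
    info["proto"] = IP_PROTOS.get(proto_num, "IPv4")
    l4 = ip[ihl:]
    if proto_num in (6, 17) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
        app = PORT_APPS.get(info["dport"]) or PORT_APPS.get(info["sport"])
        if app:
            info["proto"] = app
    return info


def analyze(data: bytes, local_net: str = "192.168.1.0/24") -> dict:
    """Protocol distribution, packet-length statistics and flow direction vs. local_net."""
    net = ipaddress.ip_network(local_net)
    protos, direction, lengths = Counter(), Counter(), []
    for _ts, frame, orig_len in read_pcap(data):
        pkt = decode_frame(frame)
        protos[pkt["proto"]] += 1
        lengths.append(orig_len)
        if pkt["src"] and pkt["dst"]:
            s_in = ipaddress.IPv4Address(pkt["src"]) in net
            d_in = ipaddress.IPv4Address(pkt["dst"]) in net
            label = "internal" if s_in and d_in else "outbound" if s_in else "inbound" if d_in else "external"
            direction[label] += 1
    return {
        "protocols": dict(protos),
        "direction": dict(direction),
        "packets": len(lengths),
        "min_len": min(lengths) if lengths else 0,
        "max_len": max(lengths) if lengths else 0,
        "avg_len": round(sum(lengths) / len(lengths), 1) if lengths else 0.0,
    }


# --- constructed sample capture (not one of the repository's sample files) ---
def _eth(ethertype, payload):
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ethertype) + payload


def _ipv4(proto, src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def _tcp(sport, dport, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0) + payload


def _udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_sample_pcap() -> bytes:
    """Five constructed frames: HTTP request/response, a DNS query, an ICMP echo, an ARP request."""
    frames = [
        _eth(0x0800, _ipv4(6, "192.168.1.10", "93.184.216.34", _tcp(51000, 80, b"GET / HTTP/1.1\r\n"))),
        _eth(0x0800, _ipv4(6, "93.184.216.34", "192.168.1.10", _tcp(80, 51000, b"HTTP/1.1 200 OK\r\n"))),
        _eth(0x0800, _ipv4(17, "192.168.1.10", "8.8.8.8", _udp(40000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8))),
        _eth(0x0800, _ipv4(1, "192.168.1.10", "192.168.1.1", b"\x08\x00\xf7\xff\x00\x00\x00\x00")),
        _eth(0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    print(analyze(build_sample_pcap()))
```

The reader rejects files whose link type is not Ethernet and stops at a truncated record instead of silently mis-parsing it, which is the kind of validation the "process and validate your file" step below relies on.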
- Python 3.8 or higher
- Git
- Internet connection (for GeoIP database)
- Clone the repository:
  `git clone https://github.com/err0rgod/midstalker`
  `cd midstalker`
- Install dependencies: `pip install -r requirements.txt`
- Run the application: `streamlit run app.py`
- Open your browser and navigate to `http://localhost:8501`
- Go to the "Upload File" section
- Select a `.pcap` or `.cap` file from any folder
- The tool will automatically process and validate your file
- Navigate to "Raw Data & Filtering"
- View all packets in a searchable table
- Use advanced filters by protocol, IP, or packet length
- Export filtered data for further analysis
- Visit the "Analysis" section for detailed insights
- Explore protocol statistics and traffic patterns
- Analyze inbound/outbound traffic flows
- Review security threat indicators
- Check the "Geoplots" section for IP mapping
- View geographic distribution of network traffic
- Analyze global traffic patterns and connections
```
PCAP-Analyzer/
├── app.py                  # Main Streamlit application
├── utils/
│   ├── pcap_decode.py      # Enhanced packet decoder
│   ├── data_extract.py     # Protocol data extraction
│   ├── flow_analyzer.py    # Traffic flow analysis
│   ├── proto_analyzer.py   # Protocol statistics
│   ├── except_info.py      # Security threat detection
│   ├── ipmap_tools.py      # Geographic mapping
│   └── protocol/           # Protocol definitions
├── requirements.txt        # Python dependencies
└── sample.pcap             # Sample data for testing
```
- English Documentation: All Chinese comments translated to English
- Improved Error Handling: Robust file processing and validation
- Better UI/UX: Enhanced user interface with clear navigation
- Comprehensive Logging: Detailed error messages and debugging info
| Package | Version | Purpose |
|---|---|---|
| streamlit | Latest | Web application framework |
| scapy | Latest | Packet manipulation and analysis |
| plotly | Latest | Interactive data visualization |
| folium | Latest | Geographic mapping |
| geoip2 | Latest | IP geolocation database |
| numpy | Latest | Numerical computations |
| pandas | Latest | Data manipulation |
- Investigate security incidents
- Analyze network breaches
- Reconstruct attack timelines
- Identify compromised systems
- Malware traffic analysis
- Attack pattern recognition
- Network vulnerability assessment
- Threat intelligence gathering
- Traffic pattern analysis
- Performance optimization
- Bandwidth utilization
- Protocol distribution
- Network protocol learning
- Cybersecurity training
- Packet analysis practice
- Security tool development
err0rgod (Nirbhay Katiyar) - 10x Dev | IoT Hacker | Malware Dev | Red Teamer
Electronics and cybersecurity enthusiast who creates high-impact, hacker-grade tools. This PCAP Analyzer is part of a mission to craft next-gen offensive and defensive cybersecurity frameworks: tools built for red teamers, researchers, and anyone who wants to see the raw truth hidden inside packets.
- GitHub - Weapons-grade tools and experiments
- Medium - Cybersecurity insights and techniques
- LinkedIn - Professional networking
- Instagram - Personal brand
The repository includes sample PCAP files for testing:
- `sample.pcap` - General network traffic
- `ftp-data.pcap` - FTP protocol analysis
- `ftp3.pcap` - FTP session data
- Translated all Chinese comments to English
- Improved code documentation and structure
- Enhanced error handling and validation
- Added comprehensive protocol support
- Updated UI/UX with better navigation
- Added social media integration
- Improved file upload functionality
- Basic PCAP analysis functionality
- Chinese language interface
- Core packet decoding capabilities
Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
- Fork the repository
- Create a feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Original Author: dj (Chinese developer) - for the foundational PCAP analysis framework
- Python Community: For the excellent libraries and tools
- Streamlit Team: For the amazing web framework
- Scapy Developers: For the powerful packet manipulation library
- Cybersecurity Community: For continuous inspiration and feedback
This tool is designed for legitimate cybersecurity research, network analysis, and educational purposes only. Users are responsible for ensuring compliance with applicable laws and regulations. The developers are not responsible for any misuse of this software.
Built with ❤️ by err0rgod for the cybersecurity community
"In the world of cybersecurity, knowledge is power, and packets are the truth."