An advanced AI-powered network traffic analyzer that combines PCAP file analysis with artificial intelligence to detect suspicious network activity. Features a desktop GUI, command-line interfaces, and advanced threat detection capabilities using a Rust ML backend with AI vision integration.
- Python 3.8 or higher
- Git (for cloning the repository)
- Windows/Linux/macOS
- Clone the repository:

      git clone https://github.com/Juniorlcsss/entryshark
      cd entryshark

- Install Python dependencies:

      cd pcap_analyzer
      pip install -r requirements.txt

    cd pcap_analyzer
    python entryshark_gui.py

https://entryshark-web.onrender.com/

    cd pcap_analyzer
    python enhanced_analyzer.py your_network_topology.png your_capture.pcap

    cd pcap_analyzer
    python simple_analyzer.py your_capture.pcap

- Launch the GUI application:

      python entryshark_gui.py

- Click "Select PCAP Files" to load your network capture files
- Optionally add a network topology image for enhanced AI analysis
- Click "Enhanced Analysis" for comprehensive threat detection
- View results in the generated reports (JSON, CSV, and readable text formats)
For advanced analysis with network topology understanding:
- Prepare a network topology diagram (PNG, JPG, etc.)
- Run:

      python enhanced_analyzer.py topology.png capture.pcap

- Results will be saved with a timestamp in the filename
For basic threat detection without AI enhancements:
- Run:

      python simple_analyzer.py capture.pcap

- View console output for immediate results
EntryShark generates multiple output formats:
- JSON Report: Detailed machine-readable analysis results
- CSV Export: Structured data for spreadsheet analysis
- Text Report: Human-readable executive summary with recommendations
- Console Output: Real-time analysis progress and summary
- Network capture files (PCAP format)
- Optional: Network topology diagrams for enhanced analysis
- Optional: Mistral API key for AI vision features (set in the .env file)