sbdeveloper90/wireshark-analyzer

🔬 Wireshark Capture Analyzer

Important: Vibe coded with Claude Sonnet 4.6

Note: Sample captures from the Wireshark Wiki

A Streamlit web application for analyzing Wireshark .pcap / .pcapng capture files.
Designed for network managers and data analysts who need a fast, visual way to explore captured traffic.


✨ Features

| Feature | Details |
| --- | --- |
| File upload | .pcap, .pcapng, .cap via drag-and-drop |
| Packet parsing | Powered by Scapy — extracts IP, TCP, UDP, ICMP, ARP, DNS, HTTP layers |
| KPI summary | Total packets, protocols, unique IPs, avg/total bytes |
| Protocol distribution | Pie chart (TCP, UDP, ICMP, DNS, HTTP, HTTPS, ARP, …) |
| Traffic over time | Area + multi-line chart, auto-scaled (ms / s / 5 s) |
| Packet size histogram | Distribution of frame lengths |
| Top IPs | Top Source and Destination IP bar charts |
| Top conversations | Top IP pairs by packet count |
| Port analysis | Top ports bar chart, Src vs Dst scatter, port frequency table |
| TCP flag analysis | Flag frequency bar + polar radar, SYN session list |
| Packet table | Configurable columns, row limit slider, full-text search |
| Packet detail | Per-packet JSON drill-down with surrounding context window |
| CSV export | Download the filtered dataset |
| Sidebar filters | Protocol, Source IP, Destination IP, Port, Packet size range, free-text keyword |
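To show what the KPI summary, protocol distribution, top conversations and SYN session list above are computed from, here is an added, dependency-free example (not the project's code, which uses Scapy) that walks a classic little-endian .pcap file record by record, decodes the Ethernet/IPv4/TCP/UDP headers and derives those figures. The capture bytes, the `build_pcap`/`frame` helpers and the addresses in `SAMPLE` are constructed for the example.

```python
import struct
from collections import Counter

PCAP_MAGIC, ETH_IPV4, IP_ICMP, IP_TCP, IP_UDP = 0xA1B2C3D4, 0x0800, 1, 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10

def build_pcap(frames):  # constructed little-endian classic pcap: 24-byte global header, linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, data in frames:
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data  # ts_sec, ts_usec, incl_len, orig_len
    return out
def frame(src, dst, proto, sport=0, dport=0, flags=0, payload=b""):  # constructed Ethernet + IPv4 (+TCP/UDP)
    l4 = b""  # checksums are left 0: these frames are only written to the sample file, never sent
    if proto == IP_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    elif proto == IP_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + ip + l4 + payload
def analyze(pcap):  # KPI summary, protocol and conversation counts, pure-SYN session list
    assert struct.unpack("<I", pcap[:4])[0] == PCAP_MAGIC, "only little-endian classic pcap handled here"
    protos, convs, syns, sizes, off = Counter(), Counter(), [], [], 24
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack("<IIII", pcap[off:off + 16])
        data, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        sizes.append(len(data))
        if len(data) < 34 or data[12:14] != b"\x08\x00":  # not IPv4 over Ethernet: count, do not decode
            protos["other"] += 1
            continue
        ip = data[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]  # honour IP options when locating the L4 header
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        convs[tuple(sorted((src, dst)))] += 1  # direction-agnostic IP pair
        name = {IP_TCP: "TCP", IP_UDP: "UDP", IP_ICMP: "ICMP"}.get(proto, "other")
        if proto in (IP_TCP, IP_UDP):
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
            name = {80: "HTTP", 443: "HTTPS", 53: "DNS"}.get(min(sport, dport), name)  # well-known port heuristic
            if proto == IP_TCP and ip[ihl + 13] & (TCP_SYN | TCP_ACK) == TCP_SYN:
                syns.append((ts, src, sport, dst, dport))  # pure SYN = new session attempt
        protos[name] += 1
    return {"packets": len(sizes), "avg_bytes": sum(sizes) / max(len(sizes), 1), "protocols": protos,
            "unique_ips": len({a for pair in convs for a in pair}), "conversations": convs, "syn_sessions": syns}
SAMPLE = build_pcap([  # constructed traffic: one DNS lookup, the start of a TLS handshake, one ping
    (1, frame("10.0.0.5", "10.0.0.1", IP_UDP, 5353, 53, payload=b"\x00" * 12)),
    (1, frame("10.0.0.1", "10.0.0.5", IP_UDP, 53, 5353, payload=b"\x00" * 28)),
    (2, frame("10.0.0.5", "198.51.100.7", IP_TCP, 40000, 443, flags=TCP_SYN)),
    (2, frame("198.51.100.7", "10.0.0.5", IP_TCP, 443, 40000, flags=TCP_SYN | TCP_ACK)),
    (3, frame("10.0.0.5", "10.0.0.9", IP_ICMP, payload=struct.pack("!BBHHH", 8, 0, 0, 1, 1))),
])
```

`analyze(open("capture.pcap", "rb").read())` runs the same logic over a real file saved by Wireshark or tcpdump, as long as it is a classic pcap and not pcapng.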

🚀 Quick Start

1. Install dependencies

pip install -r requirements.txt

Note: Scapy may need libpcap on your system.

  • macOS: brew install libpcap
  • Ubuntu/Debian: sudo apt install libpcap-dev
  • Windows: Install Npcap

2. Run the app

streamlit run app.py

The browser will open automatically at http://localhost:8501.

3. Upload a capture

Open Wireshark → File → Save As → choose .pcapng → upload in the app.

Or capture from the command line:

# Linux/macOS
sudo tcpdump -i eth0 -w capture.pcap

# All interfaces, 60 seconds
sudo tcpdump -i any -G 60 -W 1 -w capture.pcap

📁 Project Structure

wireshark_analyzer/
├── app.py            ← Main Streamlit application
├── requirements.txt  ← Python dependencies
└── README.md         ← This file

🛡️ Notes

  • All parsing happens locally — no data is sent anywhere.
  • Large captures (> 100k packets) will be slower to parse; consider filtering in Wireshark first.
  • HTTP layer parsing requires scapy-http or Scapy ≥ 2.5.

📸 App Tabs

| Tab | Content |
| --- | --- |
| 📈 Overview | Protocol pie · Traffic timeline · Packet size histogram · Per-protocol timeline |
| 🗺️ Topology | Top Source IPs · Top Dst IPs · Top conversations table |
| 🔌 Ports & Services | Top ports · Src vs Dst scatter · Port frequency table |
| 🚩 TCP Flags | Flag bar chart · Polar radar · SYN session list |
| 📋 Packet Table | Configurable DataFrame · CSV export |
| 🔎 Packet Detail | JSON drill-down per packet + surrounding context |
