fox-it / dissect.cobaltstrike

Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
https://dissect-cobaltstrike.readthedocs.io
MIT License

How to install beacon-pcap? #52

Open polosec opened 2 months ago

polosec commented 2 months ago

When I run pip install -e dissect.cobaltstrike[pcap] it reports:

 pip install -e dissect.cobaltstrike pcap
Defaulting to user installation because normal site-packages is not writeable
ERROR: dissect.cobaltstrike is not a valid editable requirement. It should either be a path to a local project or a VCS URL (beginning with bzr+http, bzr+https, bzr+ssh, bzr+sftp, bzr+ftp, bzr+lp, bzr+file, git+http, git+https, git+ssh, git+git, git+file, hg+file, hg+http, hg+https, hg+ssh, hg+static-http, svn+ssh, svn+http, svn+https, svn+svn, svn+file).

and

pip install dissect.cobaltstrike pcap 
Defaulting to user installation because normal site-packages is not writeable
Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple
Requirement already satisfied: dissect.cobaltstrike in /Users/polowong/.local/lib/python3.8/site-packages (1.0.0)
ERROR: Could not find a version that satisfies the requirement pcap (from versions: none)
ERROR: No matching distribution found for pcap

yunzheng commented 2 months ago

pip -e only works if you have cloned the source repository. To just install from PyPI, try:

$ pip install dissect.cobaltstrike[pcap]

If you want --editable source installation, try:

$ git clone https://github.com/fox-it/dissect.cobaltstrike
$ cd dissect.cobaltstrike
$ pip install -e .[pcap]

If that doesn't work, make sure your pip is up to date by upgrading pip first:

$ pip install --upgrade pip

yunzheng commented 2 months ago

Also make sure to put [pcap] in the brackets; from your command output it looks like it got lost. Depending on the shell, it might be better to put it in quotes just to be sure:

$ pip install 'dissect.cobaltstrike[pcap]'