Open heathdbrown opened 1 year ago
My initial thought is to keep with pyshark and utilize common Wireshark filters, to at least make that part easier to get something working.
Later, when dealing with larger captures, implement allowing the library used to be changed for speed.
We could do that with an option or argument. The code would probably be more complicated than need be.
In addition to these libraries, I also found #6 sharkd and a JSON-RPC, with sample code and a tool called papr by Paul Offord.
Another tool and library I ran into was from Chuck Black: https://github.com/chuckablack/quokka
Pyshark Week 34 YouTube video: https://www.youtube.com/watch?v=VIxq-iwX4SQ
Quokka from scratch video series: https://www.youtube.com/watch?v=GaCzFcW8Tm4&list=PLKZjLeG8AwtEYEQjYVBzX7XJHXni39106
Pyshark is what I have used in the past, and it works with tshark and Wireshark installed. The issue is that, while pyshark is good with standard filters, it is not performant or fast with large captures.
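As an added example (not code from this issue or from pyshark), the following shows the other side of the trade-off described in the comment above: pyshark needs tshark installed and pays for spawning it and parsing its per-packet output, whereas a stdlib-only reader does a few `struct.unpack` calls per packet. The filter syntax it accepts is a small invented subset that mimics Wireshark display-filter spelling (`udp.port == 53`, clauses joined by `&&`); it is not a Wireshark filter engine, `!=` simply negates a clause, and pcapng is out of scope. The capture, addresses and ports are constructed in memory so the script runs offline.

```python
"""Stdlib-only pcap reader with a tiny Wireshark-style filter (added example, not from the issue)."""
import socket
import struct
from typing import Callable, Iterator, Optional

PCAP_MAGIC = 0xA1B2C3D4
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def build_frame(src: str, dst: str, proto: int, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/(UDP|TCP) frame for the sample capture (checksums left zero)."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # minimal 20-byte TCP header: ports, seq, ack, data offset 5, PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4


def build_pcap(frames: list) -> bytes:
    """Wrap frames in a classic little-endian pcap (v2.4, LINKTYPE_ETHERNET, microsecond stamps)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, incl_len, orig_len (timestamps are constructed)
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_frames(data: bytes) -> Iterator[bytes]:
    """Yield raw frames from a classic pcap blob in either byte order (pcapng is not handled)."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            break  # truncated capture: stop rather than misparse the tail
        offset += incl_len
        yield frame


def decode(frame: bytes) -> Optional[dict]:
    """Pull addresses and ports out of an Ethernet/IPv4 frame; None for any other link/network type."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[23]                     # IPv4 protocol field (offset 9 into the IP header)
    pkt = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
           "proto": proto, "sport": None, "dport": None}
    if proto in (PROTO_UDP, PROTO_TCP) and len(frame) >= 14 + ihl + 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return pkt


def _field_matches(pkt: dict, field: str, value: str) -> bool:
    """Evaluate one 'field == value' test against a decoded packet."""
    layer, _, name = field.partition(".")
    if layer == "ip":
        wanted = {"src": (pkt["src"],), "dst": (pkt["dst"],), "addr": (pkt["src"], pkt["dst"])}
        if name in wanted:
            return value in wanted[name]
    elif layer in ("udp", "tcp") and name in ("srcport", "dstport", "port"):
        if pkt["proto"] != (PROTO_UDP if layer == "udp" else PROTO_TCP):
            return False              # field absent on this packet, so the clause cannot match
        port = int(value)
        wanted = {"srcport": (pkt["sport"],), "dstport": (pkt["dport"],), "port": (pkt["sport"], pkt["dport"])}
        return port in wanted[name]
    raise ValueError(f"unsupported field: {field}")


def compile_filter(expr: str) -> Callable[[dict], bool]:
    """Compile 'field == value' / 'field != value' clauses joined by '&&' into a predicate."""
    clauses = []
    for clause in expr.split("&&"):
        parts = clause.split()
        if len(parts) != 3 or parts[1] not in ("==", "!="):
            raise ValueError(f"unsupported clause: {clause.strip()!r}")
        clauses.append(tuple(parts))
    return lambda pkt: all(_field_matches(pkt, f, v) == (op == "==") for f, op, v in clauses)


def filter_pcap(data: bytes, expr: str) -> list:
    """Decode every frame in the pcap blob and return the packets the filter accepts."""
    accept = compile_filter(expr)
    return [pkt for pkt in map(decode, iter_frames(data)) if pkt is not None and accept(pkt)]


# Constructed sample capture: two DNS queries and one reply on a lab /24, plus one TLS SYN.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.53", PROTO_UDP, 51000, 53, b"\x12\x34\x01\x00"),
    build_frame("10.0.0.53", "10.0.0.5", PROTO_UDP, 53, 51000, b"\x12\x34\x81\x80"),
    build_frame("10.0.0.5", "93.184.216.34", PROTO_TCP, 44000, 443, b""),
    build_frame("10.0.0.9", "10.0.0.53", PROTO_UDP, 51001, 53, b"\x56\x78\x01\x00"),
])

if __name__ == "__main__":
    for expr in ("udp.port == 53", "ip.src == 10.0.0.5 && udp.dstport == 53", "tcp.dstport == 443"):
        print(f"{expr}: {len(filter_pcap(SAMPLE_PCAP, expr))} packet(s)")
```

The reader deliberately stops at the first truncated record instead of guessing at the tail, which is the usual failure mode on captures cut off mid-write; anything beyond address and port matching (DNS names, TLS SNI, reassembly) is exactly where a dissector such as tshark earns its cost, so this is a complement to pyshark for bulk pre-filtering, not a replacement.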
Research other libraries for packet analysis: https://github.com/heathdbrown/research/blob/main/network/packet_analysis.md
In order of speed based on researching the topic: